"Information Warfare"
Since it has the potential to make everyone's jobs here more interesting, I thought I'd bring it up and get everyone's opinion. This company claims to be developing a "security solution" that claims to "fight back" against attackers. I'm sure I'm not the only one here who thinks this is a tremendously bad idea. I'll let you guys tear it apart; take a look at their "white paper" and press release, both of which are dripping with enough war analogies and corporate bizspeak to make any self-respecting techie cringe. http://symbiot.com/ -- John Bishop -- moonwick@lasthome.net http://lasthome.net/~moonwick/ "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -- R. Buckminster Fuller
On Fri, 5 Mar 2004, John Bishop wrote:
Since it has the potential to make everyone's jobs here more interesting, I thought I'd bring it up and get everyone's opinion. This company claims to be developing a "security solution" that claims to "fight back" against attackers.
I'm sure I'm not the only one here who thinks this is a tremendously bad idea.
I'll let you guys tear it apart; take a look at their "white paper" and press release, both of which are dripping with enough war analogies and corporate bizspeak to make any self-respecting techie cringe.
Read through it. Its almost as if it was written by our current president's staff - a lot of analagies come to me like SDI/starwars, 'protect your soil on foreign land' and 'strike back before they do' (without of course any serious proof that they are doing anything). And through it all you find absolutly know exact details on what they are planning to do and why. But to be perfectly honest after I saw that some of the press-release people were from Network Solutions (their "information warfare" specialist - wouldn't that be more proper to say about NSI/Verisign's marketing staff or their lawyers :), I'm not certain if this is just a big hupla to market itself and make big money on things you probably dont need and that are not effective or if it is really serious threat to stability of the net (from NSI you can expect either way...). But its only 30 days before they promise to provide details, so its fine by me to wait until they do and for now treat current info as just self- marketing that should be ignored until we know what they are going to offer. Here is a quote from their press-release I especially like: ... "Symbiot has introduced the first and only tool that intelligently and accurately responds to hostile attacks against enterprise networks", said Richard Forno, former chief security officer for Network Solutions, and a noted information warfare specialist. "While other companies offer only passive defense barriers, Symbiot provides the equivalent of an active missile defense system" ... -- William Leibzon Elan Networks william@elan.net
On Sat, Mar 06, 2004 at 01:46:33AM -0800, william(at)elan.net wrote:
Read through it. Its almost as if it was written by our current president's staff - a lot of analagies come to me like SDI/starwars, 'protect your soil on foreign land' and 'strike back before they do' (without of course any serious proof that they are doing anything). And through it all you find absolutly know exact details on what they are planning to do and why.
Information Warfare? Given the state of the industry, what we need is Information Welfare. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Richard A Steenbergen wrote:
On Sat, Mar 06, 2004 at 01:46:33AM -0800, william(at)elan.net wrote:
Read through it. Its almost as if it was written by our current president's staff - a lot of analagies come to me like SDI/starwars, 'protect your soil on foreign land' and 'strike back before they do' (without of course any serious proof that they are doing anything). And through it all you find absolutly know exact details on what they are planning to do and why.
Information Warfare? Given the state of the industry, what we need is Information Welfare.
I'd say so! SDI/starwars was several Presidents back, as I recall.
On Sat, 06 Mar 2004 10:11:16 -0600 "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net> wrote:
Richard A Steenbergen wrote:
Information Warfare? Given the state of the industry, what we need is Information Welfare.
I'd say so! SDI/starwars was several Presidents back, as I recall.
i was working on some government defense type projects (not SDI) back when SDI was the big rage. we all thought that the SDI was DoD contractor welfare at the time (mostly because it reduced the funds available to us non-SDI types.) richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
On Saturday, March 06, 2004 4:46 AM [EST], william(at)elan.net <william@elan.net> wrote:
Here is a quote from their press-release I especially like: ... "Symbiot has introduced the first and only tool that intelligently and accurately responds to hostile attacks against enterprise networks", said Richard Forno, former chief security officer for Network Solutions, and a noted information warfare specialist. "While other companies offer only passive defense barriers, Symbiot provides the equivalent of an active missile defense system" ...
Lovely. So not only do we now have to fend off attacks from script kiddies and packet monkies, we now have to fend off attacks from idiot sysadmins who set this tool up and allow it to go all out on supposed 'attacks' against their systems. I'll share my favorite goober with firewall story. When I was a sysadmin/netadmin at a large ISP, I used to get these 'attack' reports from clueless users all the time. I could identify which tool they used just by how the body of the message looked and how the 'attack' was described. Got ones saying that my performance testing server (which sometimes did ping scans across the dialups to see what the general response time was) was 'attacking' the user's machine with a single ICMP echo. Or how our IRC server was trying to attack the user on the ident port every time they tried to connect. Of course, the best one was when a supposed 'security expert' called up and complained how my two caching DNS servers for the T1 customers was attacking his entire network on port 53 UDP. He had naturally filtered the 'attack' because it was obvious that our Linux DNS servers were infected with one of the latest Windows viruses going around, and suddenly noone on his network could browse the web anymore. So, let me ask the question, do we really want people like that having a tool which autoresponds to attacks with attacks? At least when he filtered out our DNS traffic, it only affected his network... But imagine if he had launched an attack against my DNS servers in response? Yeah, thats a great idea. Of course, now that the AHBL does its own proxy testing, we get all sorts of fun reports from end users about our 'attacks' against their machines. Latest one demanded I tell her why we had scanned her, but wouldn't tell me her IP address or when the scan happened exactly, claiming that I had done the scan, so I should know what IP she is. Too bad I test over 100,000 IP addresses daily for open proxies.... Lets not even get into the legal consequences for a tool like this, especially if it backfires and launches an attack against the NIPC, for example. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
At 12:32 PM 3/6/2004, Brian Bruns wrote:
Lovely. So not only do we now have to fend off attacks from script kiddies and packet monkies, we now have to fend off attacks from idiot sysadmins who set this tool up and allow it to go all out on supposed 'attacks' against their systems.
I think the company's name Symbiot, which is apparently a witty contraction of two English words, says it all: Main Entry: sym�bi�o�sis Pronunciation: "sim-bE-'O-s&s, -"bI- Function: noun Inflected Form(s): plural sym�bi�o�ses /-"sEz/ Etymology: New Latin, from German Symbiose, from Greek symbiOsis state of living together, from symbioun to live together, from symbios living together, from syn- + bios life -- more at QUICK 1 : the living together in more or less intimate association or close union of two dissimilar organisms 2 : the intimate living together of two dissimilar organisms in a mutually beneficial relationship; especially : MUTUALISM 3 : a cooperative relationship (as between two persons or groups) <the symbiosis... between the resident population and the immigrants -- John Geipel> - sym�bi�ot�ic /-'�-tik/ adjective - sym�bi�ot�i�cal�ly /-ti-k(&-)lE/ adverb Main Entry: id�i�ot Pronunciation: 'i-dE-&t Function: noun Etymology: Middle English, from Anglo-French ydiote, from Latin idiota ignorant person, from Greek idiOtEs one in a private station, layman, ignorant person, from idios one's own, private; akin to Latin suus one's own -- more at SUICIDE 1 usually offensive : a person affected with idiocy 2 : a foolish or stupid person - idiot adjective It is apparently a system to allow idiots to live together with other idiots. I'm assuming that one of the idiots is the device manufacturer and the other is the customer. :) -Robert Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Good will, like a good name, is got by many actions, and lost by one." - Francis Jeffrey
participants (7)
-
Brian Bruns -
John Bishop -
Laurence F. Sheldon, Jr. -
Richard A Steenbergen -
Richard Welty -
Robert Boyle -
william(at)elan.net