Internet Monitoring Center
Who has the biggest wall of big screen monitors? http://www.washingtonpost.com/wp-dyn/articles/A3409-2003Jan30.html
From: "Sean Donelan"
Who has the biggest wall of big screen monitors?
To my knowledge, Norad still does.

<quoted from article>
The "Global Early Warning Information System," (GEWIS, pronounced "gee-whiz") [...] Mark Rasch, former head of the Justice Department's Computer Crime division, questioned the need for GEWIS. With most Internet attacks, he said, by the time you notice a huge spike in traffic, it's already too late to head off disruptions.
</quote>

"GEWIS, man. Look at all 'dem red marks. I thought they said a couple hours. It was all pretty and green a minute ago. Who'd do such a thing? They're ruining my pretty screen."

I question any government plan when some providers have made it perfectly clear that they are either a) not willing to help track DDOS origination points or b) they are incompetent to do so. Perhaps I should amend that, if you are not a world known corporation, the above might be true. Now the government will interlink communications between large providers to assist in this. My question is why large providers couldn't interlink themselves and establish guidelines for notification and resolution of network issues. They manage it for peering, why not for overall performance and security issues? Is it better to have a close relationship with the government than it is your competitor?

I'm still waiting for someone to contact me regarding the results of the DDOS assistance I asked for over four months ago for an attack that was actively monitored for well over 24 hours. Honestly, I don't think it was worth their time. Once blocked in their oc192 core, their network stabilized and it wasn't worth looking further into. I expect the bots are probably still in operation today causing havoc because not one of them was tracked and shut down.

-Jack
On Thu, 30 Jan 2003 04:21:40 CST, Jack Bates <jbates@brightok.net> said:
in this. My question is why large providers couldn't interlink themselves and establish guidelines for notification and resolution of network issues. They manage it for peering, why not for overall performance and security issues?
"I'll get back to you Tuesday or when NANOG posts embarrass me" works for peering issues, but not for security issues.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
On Fri, 31 Jan 2003 Valdis.Kletnieks@vt.edu wrote:
in this. My question is why large providers couldn't interlink themselves and establish guidelines for notification and resolution of network issues. They manage it for peering, why not for overall performance and security issues?
"I'll get back to you Tuesday or when NANOG posts embarrass me" works for peering issues, but not for security issues.
Actually it works about as well for both issues. When John Markoff from the New York Times calls, companies take an interest.

The reality is companies act in their own self-interest. Both peering and security have asymmetric costs, i.e. more pain or gain for one of the parties. Being a "good neighbor" is noble, but it doesn't pay. Although everyone could win if all parties cooperated, one party has an advantage by defecting because they save the expense but still get the benefit of everyone else doing it (tragedy of the commons, prisoners' dilemma, etc).

What is interesting is the flip between large and small providers on who benefits the most from peering or security. Peering is a much bigger "win" for a smaller provider than a large provider. So the small provider has an incentive to peer, while the large provider doesn't. For the large provider, peering is just another expense they would prefer not to spend.

On the other hand, security is a much bigger "win" for a larger provider than for a small provider. As Willie Sutton used to say, he robbed banks because that's where the money was. Larger providers have more exposure, and more to lose. Even a non-directed attack such as a worm tends to impact larger providers more than smaller providers. The larger provider has more incentive to work on security. For a small provider, security is just another expense they would prefer not to spend.

And let's face it, bank security exists to protect the bank's money.
From: "Sean Donelan" <snip>
On the other hand, security is a much bigger "win" for a larger provider than for a small provider. As Willie Sutton used to say, he robbed banks because that's where the money was. Larger providers have more exposure, and more to lose. Even a non-directed attack such as a worm tends to impact larger providers more than smaller providers. The larger provider has more incentive to work on security. For a small provider, security is just another expense they would prefer not to spend.
<snip>

I completely agree. Yet large providers have peer coordinators and many lack security coordinators or liaisons. Perhaps it's just the provider I reported the incident to, and I may find better luck with my new providers. To be honest, I don't think my old provider would have done much of anything except that it was a large enough DDOS to force him to back up the access lists to the core. I love it when the provider's equipment starts shutting down and their fiber fills up. It reminds me that I'm not always brought to my knees because of my size.

-Jack
participants (4)
- Eliot Lear
- Jack Bates
- Sean Donelan
- Valdis.Kletnieks@vt.edu