Re: New Denial of Service Attack on Panix
Ladies & Gentlemen,

IMO, just 'getting the word out' in mailing lists, newsgroups and WWW sites is not an effective way to mitigate the denial-of-service attacks under consideration. Here is why.....

When a security hole is found, for example a buffer problem in a networking daemon, 'getting the word out' is effective, because the end user is highly motivated to correct the problem because the problem affects whomever directly (and those who do not fix the problem only affect their sphere of influence, not the entire Internet community).

However, in the instance of these DoS attacks, the lower tier ISP is not significantly motivated to take corrective actions because the results have little direct or immediate effects on business ops. Furthermore, if the provider fails to maintain the filter list or even configure the lists in the first place, little or nothing will affect day-to-day operations (because more pressing matters are in most businesses' radar screen, i.e. surviving!).

It is for this one reason; the security problem affects users *outside* the provider's influence and not inside, merely providing information is a good, but not an effective, way of mitigating the situation, especially in the short term.

Continuing with a suggestion.....

Overly simplified, the net is loosely organized along a routing hierarchy with level 0 transit providers at the top. The level 0 providers might agree not to provide services to lower tier providers or customers that do not provide a means of verifying that source route filters are in place (repeat this for lower tiers ......) (what is the international organization to do this?, or should there even be one?)

Also, to make matters easier, a WG might be formed, chaired by level 0 provider(s) perhaps, working on both the admin policy and a set of software verification tools to do verification 'magic' on the filters as envisioned by the WG.

Furthermore, because the success of this venture is important to, not only providers, but commerce as a whole, ISI, MERIT, or some other org with hooks into the Internetworking Money Flow (IMF :) from NSF or DARPA, etc. might consider putting together a white paper to request additional funding to develop the software tools and manage the releases.

Hopefully.... this idea is not falling on 'blind eyes' (as opposed to 'deaf ears' :-)

IMO, just 'getting the word out' is not enough to take a significant bite out of this problem. The first step to significantly mitigate DoS attacks has been taken (getting the word out), but, IMO, a greater, second step should be in our radar now.

Thanks for your patience,

Tim
Tim Bass