http://www.symbiot.com/media/iwROE.pdf

The Symbiot whitepaper on their service describes a process with a little more imagination and use than simply flooding attacking nodes with packets. It describes a process which appears to require human intervention through an Operations Center to aid in tracking down offending nodes and notifying the offenders' service providers prior to a deployment of active defenses. That being said, it also specifically mentions "distributed denial of service counterattacks" as a not quite so last resort, and possibly automated response gesture for multiple identified offenders with whom intervention from service providers and other authorities has not been forthcoming.

I applaud the idea of an outsourced department that will manage the denial of service, and "hordes of script kiddie" (nod to Ranum) problems that plague modern networks. Anything that keeps me from being distracted from more interesting lines of thought, rather than constantly following up on outside nuisances is a Good Thing (tm).

However, the deployment of "active defenses" in response to a failure of service providers to adequately secure their egress and ingress points is not a choice any reasonable person would make. Vigilante justice might be rewarding in the short term, but I choose not to leave the judgment of friend and foe in the hands of someone with large amounts of bandwidth at the tips of their itchy trigger fingers.

James Baldwin
WorldWide Technology, Services, and Operations
Operations Center
Electronic Arts, Inc.

On Thu, 11 Mar 2004, Baldwin, James wrote:
> I applaud the idea of an outsourced department that will manage the denial of service, and "hordes of script kiddie" (nod to Ranum) problems that plague modern networks. Anything that keeps me from being distracted from more interesting lines of thought, rather than constantly following up on outside nuisances is a Good Thing (tm).

There are hundreds of managed security providers which happily take your money, analyze your firewall and other security logs, monitor "underground" sources, notify service providers on your behalf, etc. There are many "black lists" operated by for-profit and non-profit organizations which will block not only the compromised computer, but also hundreds of other computers to "get the attention" of people.

Most are reputable. But the security industry is full of puffery like home alarm companies promising their customers "armed response." "Armed response" may be armed, but it's doubtful they will go charging into your house with guns blazing when your house alarm goes off.

This company's P.R. firm has succeeded in getting people talking about a company without a released product. I suspect when they finally do release their product, it will be much less than the hype.

Perhaps people could recommend some managed security firms with good reputations. Unfortunately, the best ones also seem rather dull. They understand there are no magic solutions and don't pretend to have "secret sauce." It's just basic hard work.

participants (2)
- Baldwin, James
- Sean Donelan