Re: A question for the list...
From: Kevin Reardon (Kevin.Reardon_at_oracle.com)
Date: 05/20/03
- Previous message: Benjamin Tomhave: "RE: A question for the list..."
- In reply to: Mark Ng: "RE: A question for the list..."
- Next in thread: Rob Shein: "RE: A question for the list..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 May 2003 13:15:03 -0700 To: Mark Ng <laptopalias1-mark@informationintelligence.net>
Yes they are innocents. If you rent a house though an agency and they
rent it to a crack dealer, and you live in another state, how do you
know he is dealing crack? Are you guilty of allowing your premises to
be used in an illegal manner? In situations like this, Meat Space uses
a trusted third party to enforce the rules (police and the UN
sometimes). Such a third party does not exist in Cyberspace, nor with
the existing protocols could it without a restructure of OS's or the
transport protocols.
Automated alerts could become shrapnel in an attack. They could be
spoofed, would be subjected to the same software issues any program has
(bugs) and even a false alert could send an ISP to chasing its tail.
---K
Mark Ng wrote:
>
> Just 2 cents -
>
> >
> > Is this proposal a vaccine, or could it unleash such collateral damage
> > as to make the Internet useless? Keep in mind that the "attackers" are
> > more then likely compromised systems, and are thus "innocents." But is
>
> Are owners of long term compromised systems really "innocents"? If people
> have left systems compromised with worms that are attacking other networks
> and reports have been ignored for significant amounts of time, then surely
> the compromised party are guilty of negligence ?
>
> Personally, I think there are merits to some kind of "strikeback" system,
> but it has worse than dubious legality, and would definitely be abused
> (without a question). I think that ISP's need to make a more active role in
> this, and actively threaten to cut off customers whos compromised systems
> are attacking other networks on the internet.
>
> Perhaps rather than a strikeback system, something similar to ARIS could be
> used to send automated alerts to ISP's warning them that x number of their
> customers have the latest worm. In the event that ISP's are non-compliant,
> and don't deal with their infected customers, peering points could agree to
> enforce this upon ISP's.
>
> This is much preferable to doing things that may or may not be morally
> correct, but are a legal minefield.
>
> Thoughts ?
>
> Regards,
>
> Mark Ng (www.informationintelligence.net)
----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------
- Previous message: Benjamin Tomhave: "RE: A question for the list..."
- In reply to: Mark Ng: "RE: A question for the list..."
- Next in thread: Rob Shein: "RE: A question for the list..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
