Counter DoS

http://www.symbiot.com/media/iwROE.pdf

The Symbiot whitepaper on their service describes a process with a
little more imagination and use than simply flooding attacking nodes
with packets. It describes a process which appears to require human
intervention through an Operations Center to aid in tracking down
offending nodes and notifying the offenders' service providers prior to
any deployment of active defenses.

That being said, it also specifically mentions "distributed denial of
service counterattacks" as a not quite so last resort, and possibly
automated response gesture for multiple identified offenders with whom
intervention from service providers and other authorities has not been
forthcoming.

I applaud the idea of an outsourced department that will manage the
denial of service, and "hordes of script kiddie" (nod to Ranum) problems
that plague modern networks. Anything that keeps me from being
distracted from more interesting lines of thought, rather than
constantly following up on outside nuisances is a Good Thing (tm).
However, the deployment of "active defenses" in response to a failure of
service providers to adequately secure their egress and ingress points
is not a choice any reasonable person would make. Vigilante justice
might be rewarding in the short term, but I choose not to leave the
judgment of friend and foe in the hands of someone with large amounts of
bandwidth at the tips of their itchy trigger fingers.

James Baldwin
WorldWide Technology, Services, and Operations
Operations Center
Electronic Arts, Inc.

There are hundreds of managed security providers which happily take your
money, analyze your firewall and other security logs, monitor
"underground" sources, notify service providers on your behalf,
etc. There are many "black lists" operated by for-profit and non-profit
organizations which will block not only the compromised computer, but
also hundreds of other computers to "get the attention" of people.

Most are reputable. But the security industry is full of puffery like
home alarm companies promising their customers "armed response." "Armed
response" may be armed, but it's doubtful they will go charging into your
house with guns blazing when your house alarm goes off.

This company's P.R. firm has succeeded in getting people talking about
a company without a released product. I suspect when they finally do
release their product, it will be much less than the hype.

Perhaps people could recommend some managed security firms with good
reputations. Unfortunately, the best ones also seem rather dull. They
understand there are no magic solutions and don't pretend to have
"secret sauce." It's just basic hard work.