Counter DoS

On Thu, Mar 11, 2004 at 03:21:29AM -0500, Brian Bruns said something to the effect of:

..snip snip..

> How the hell could a company put something like this out, and expect not to
> get themselves sued to the moon and back when it fires a shot at an innocent
> party?

Caution: 'innocent' is not the buzzword here. Subscribers: check your
respective AUPs. You will likely find explicit prohibition of any malicious
and generally unsolicited traffic generated by a node in your control, and I
don't think that self-defense has an extenuation clause or special case
appendix therein.

You attack an attacker, he, too, can pursue you legally. There are not
provisions made for DoS-ing a DoS-er. Vigilante nonsense is discouraged.

..snip snip..

> What's going to happen when they find a nice little exploit in these buggers
> (even if they have anti-spoof stuff in them) that allows the kids to take
> control of them or trick them into attacking innocents? Instead of thousands
> of DDoS drones on DSL and cable modems, you'll see kids with hundreds of these
> 'nuclear strike firewalls' on T1s, T3s, and higher, using them like they use
> the current trojans?

This won't even require an exploit to effect.

These boxes can likely be used to do the bidding of miscreants with some
simply-crafted packets and source spoofing. This thing could become
something akin to a smurf amp with a big-time attitude problem. Anti-spoof
rules will afford a modicum of reverse-path protection, but not enough
to swat away the majority of inbound crafted traffic. This stupid PoS
appliance would have to be installed and widely-deployed provider-side to
discern on such a level.

This would become the stuff of yet-another-botnet.

> No product is 100% secure (especially not something that runs under Windows,
> but that's another issue), so how are they going to deliver updates?

This is the least of their concerns; update management is already done
effectively and easily by most IDS, anti-virii, and other signature-based
appliance manufacturers. Snakeoil salesmen offer at the most basic a
valid means of distributing updates, even.

> Or make sure that the thing is configured right?

Now _that_ is a real problem.

Given that no one has beaten the creators with the illustrious clue
stick and anyone who'd truly subscribe to this thing is likely mis-wired
him/herself, I would guess that poor configuration is an engineering
cornerstone on which this entire debacle desperately depends.

Flog the scoundrels.

ymmv,
--ra
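The "modicum of reverse-path protection" point above, as an added example that is not part of the original thread or of any vendor's code: a small model of strict and loose reverse-path (anti-spoof) filtering, run from two vantage points. The routing tables, interface names and packets are constructed for illustration. A forged source from an uninvolved third party arrives at the customer-edge appliance on its only upstream link, so the best route back to that source is the same link and the strict check passes; the provider's aggregation router, which knows which customer link each prefix lives behind, rejects the same packet because it arrived on the wrong customer port.

```python
import ipaddress

# Added example (not code from the original post or from any appliance):
# a tiny model of reverse-path ("anti-spoof") filtering, showing what an
# ingress check can and cannot decide from two vantage points.  Every
# prefix, interface name and packet below is constructed for illustration.

def best_route(table, addr):
    """Longest-prefix match over a list of (prefix, egress interface).
    Returns the egress interface, or None if no route covers addr."""
    addr = ipaddress.ip_address(addr)
    best_net, best_iface = None, None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface

def urpf_strict(table, src, ingress):
    """Strict reverse-path check: accept only if the best route back to the
    source address leaves via the interface the packet arrived on."""
    return best_route(table, src) == ingress

def urpf_loose(table, src):
    """Loose check: accept if any route to the source exists at all.
    Catches unrouted (bogon) sources, not routable addresses that simply
    do not belong to the sender."""
    return best_route(table, src) is not None

# Vantage point 1: the appliance at a customer's edge.  Everything that is
# not local is reachable only through the default route on the upstream link.
CUSTOMER_EDGE = [
    ("0.0.0.0/0", "wan0"),
    ("192.0.2.0/24", "lan0"),
]

# Vantage point 2: the provider's aggregation router, which knows which
# customer port each customer prefix lives behind.
PROVIDER_EDGE = [
    ("0.0.0.0/0", "core0"),
    ("192.0.2.0/24", "cust-a"),      # the appliance owner's network
    ("198.51.100.0/24", "cust-b"),   # another customer on the same router
]

def filter_packets(table, packets):
    """Apply strict uRPF to (src, ingress) pairs; return the accepted sources."""
    return [src for src, ingress in packets if urpf_strict(table, src, ingress)]

# Constructed packets.  203.0.113.7 is an uninvolved third party whose
# address is being forged by a host on cust-b; 192.0.2.5 is a forged address
# taken from the victim's own prefix.
AT_CUSTOMER = [("203.0.113.7", "wan0"), ("192.0.2.5", "wan0")]
AT_PROVIDER = [("203.0.113.7", "cust-b"), ("192.0.2.5", "cust-b")]

if __name__ == "__main__":
    # The customer edge passes the third-party forgery (it can only see that
    # the source is "somewhere upstream"); the provider edge drops both.
    print("customer edge accepts:", filter_packets(CUSTOMER_EDGE, AT_CUSTOMER))
    print("provider edge accepts:", filter_packets(PROVIDER_EDGE, AT_PROVIDER))
```

Only the forgery of the victim's own prefix is caught at the customer edge; any other routable source looks legitimate there, which is why an automated "retaliation" triggered by source address would hit whoever the attacker chose to impersonate unless the filtering sits at the provider's customer-facing ports.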