Since it has the potential to make everyone's jobs here more interesting, I
thought I'd bring it up and get everyone's opinion. This company claims to be
developing a "security solution" that claims to "fight back" against attackers.
I'm sure I'm not the only one here who thinks this is a tremendously bad idea.
I'll let you guys tear it apart; take a look at their "white paper" and press
release, both of which are dripping with enough war analogies and corporate
bizspeak to make any self-respecting techie cringe.
http://symbiot.com/
Read through it. Its almost as if it was written by our current president's
staff - a lot of analagies come to me like SDI/starwars, 'protect your
soil on foreign land' and 'strike back before they do' (without of course
any serious proof that they are doing anything). And through it all you
find absolutly know exact details on what they are planning to do and why.
But to be perfectly honest after I saw that some of the press-release people
were from Network Solutions (their "information warfare" specialist - wouldn't
that be more proper to say about NSI/Verisign's marketing staff or their
lawyers :), I'm not certain if this is just a big hupla to market itself
and make big money on things you probably dont need and that are not
effective or if it is really serious threat to stability of the net
(from NSI you can expect either way...).
But its only 30 days before they promise to provide details, so its fine
by me to wait until they do and for now treat current info as just self-
marketing that should be ignored until we know what they are going to offer.
Here is a quote from their press-release I especially like:
... "Symbiot has introduced the first and only tool that intelligently and
accurately responds to hostile attacks against enterprise networks", said
Richard Forno, former chief security officer for Network Solutions, and a
noted information warfare specialist. "While other companies offer only
passive defense barriers, Symbiot provides the equivalent of an active
missile defense system" ...
Information Warfare? Given the state of the industry, what we need is
Information Welfare.
Richard A Steenbergen wrote:
i was working on some government defense type projects (not SDI)
back when SDI was the big rage. we all thought that the SDI
was DoD contractor welfare at the time (mostly because it reduced
the funds available to us non-SDI types.)
richard
Lovely. So not only do we now have to fend off attacks from script kiddies
and packet monkies, we now have to fend off attacks from idiot sysadmins who
set this tool up and allow it to go all out on supposed 'attacks' against
their systems.
I'll share my favorite goober with firewall story. When I was a
sysadmin/netadmin at a large ISP, I used to get these 'attack' reports from
clueless users all the time. I could identify which tool they used just by
how the body of the message looked and how the 'attack' was described. Got
ones saying that my performance testing server (which sometimes did ping scans
across the dialups to see what the general response time was) was 'attacking'
the user's machine with a single ICMP echo. Or how our IRC server was trying
to attack the user on the ident port every time they tried to connect.
Of course, the best one was when a supposed 'security expert' called up and
complained how my two caching DNS servers for the T1 customers was attacking
his entire network on port 53 UDP. He had naturally filtered the 'attack'
because it was obvious that our Linux DNS servers were infected with one of
the latest Windows viruses going around, and suddenly noone on his network
could browse the web anymore.
So, let me ask the question, do we really want people like that having a tool
which autoresponds to attacks with attacks? At least when he filtered out our
DNS traffic, it only affected his network... But imagine if he had launched
an attack against my DNS servers in response? Yeah, thats a great idea.
Of course, now that the AHBL does its own proxy testing, we get all sorts of
fun reports from end users about our 'attacks' against their machines. Latest
one demanded I tell her why we had scanned her, but wouldn't tell me her IP
address or when the scan happened exactly, claiming that I had done the scan,
so I should know what IP she is. Too bad I test over 100,000 IP addresses
daily for open proxies....
Lets not even get into the legal consequences for a tool like this, especially
if it backfires and launches an attack against the NIPC, for example.
I think the company's name Symbiot, which is apparently a witty contraction of two English words, says it all:
Main Entry: sym�bi�o�sis
Pronunciation: "sim-bE-'O-s&s, -"bI-
Function: noun
Inflected Form(s): plural sym�bi�o�ses /-"sEz/
Etymology: New Latin, from German Symbiose, from Greek symbiOsis state of living together, from symbioun to live together, from symbios living together, from syn- + bios life -- more at QUICK
1 : the living together in more or less intimate association or close union of two dissimilar organisms
2 : the intimate living together of two dissimilar organisms in a mutually beneficial relationship; especially : MUTUALISM
3 : a cooperative relationship (as between two persons or groups) <the symbiosis... between the resident population and the immigrants -- John Geipel>
- sym�bi�ot�ic /-'�-tik/ adjective
- sym�bi�ot�i�cal�ly /-ti-k(&-)lE/ adverb
Main Entry: id�i�ot
Pronunciation: 'i-dE-&t
Function: noun
Etymology: Middle English, from Anglo-French ydiote, from Latin idiota ignorant person, from Greek idiOtEs one in a private station, layman, ignorant person, from idios one's own, private; akin to Latin suus one's own -- more at SUICIDE
1 usually offensive : a person affected with idiocy
2 : a foolish or stupid person
- idiot adjective
It is apparently a system to allow idiots to live together with other idiots. I'm assuming that one of the idiots is the device manufacturer and the other is the customer. 
-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Good will, like a good name, is got by many actions, and lost by one." - Francis Jeffrey