Who has the biggest wall of big screen monitors?
http://www.washingtonpost.com/wp-dyn/articles/A3409-2003Jan30.html
Who has the biggest wall of big screen monitors?
To my knowledge, Norad still does.
<quoted from article>
The "Global Early Warning Information System," (GEWIS, pronounced
"gee-whiz")
[...]
Mark Rasch, former head of the Justice Department's Computer Crime division,
questioned the need for GEWIS. With most Internet attacks, he said, by the
time you notice a huge spike in traffic, it's already too late to head off
disruptions.
</quote>
"GEWIS, man. Look at all 'dem red marks. I thought they said a couple hours.
It was all pretty and green a minute ago. Who'd do such a thing? They're
ruining my pretty screen."
I question any government plan when some providers have made it perfectly
clear that they are either a) not willing to help track DDOS origination
points or b) they are incompetent to do so. Perhaps I should ammend that, if
you are not a world known corporation, the above might be true. Now the
government will interlink communications between large providers to assist
in this. My question is why large providers couldn't interlink themselves
and establish guidelines for notification and resolution of network issues.
They manage it for peering, why not for overall performance and security
issues? Is it better to have a close relationship with the government than
it is your competitor? I'm still waiting for someone to contact me
reguarding the results of the DDOS assistance I asked for over four months
ago for an attack that was actively monitored for well over 24 hours.
Honestly, I don't think it was worth their time. Once blocked in their oc192
core, their network stabilized and it wasn't worth looking further into. I
expect the bots are probably still in operation today causing havoc because
not one of them was tracked and shut down.
-Jack
"I'll get back to you Tuesday or when NANOG posts embarrass me" works for
peering issues, but not for security issues.
Actually it works about as well for both issues. When John Markoff from
the New York Times calls companies take an interest.
The reality is companies act in their own self-interest. Both peering
and security have asymetric costs, i.e. more pain or gain for one of the
parties. Being a "good neighbor" is noble, but it doesn't pay. Although
everyone could win if all parties cooperated, one party has an advantage
by defecting because they save the expense but still get the benefit of
everyone else doing it (tragedy of the commons, prisoners' delima, etc).
What is interesting is the flip between large and small providers on who
benefits the most from peering or security.
Peering is a much bigger "win" for a smaller provider than a large
provider. So the small provider has an incentive to peer, while the large
provider doesn't. For the large provider, peering is just another
expense they would prefer not to spend.
On the other hand, security is a much bigger "win" for a larger provider
than for a small provider. As Willie Sutton use to say, he robbed banks
because that's were the money was. Larger providers have more exposure,
and more to loose. Even a non-directed attack such as a worm tends to
impact larger providers more than smaller providers. The larger provider
has more incentive to work on security. For a small provider, security is
just another expense they would prefer not to spend.
And let's face it, bank security exists to protect the bank's money.
<snip>
On the other hand, security is a much bigger "win" for a larger provider
than for a small provider. As Willie Sutton use to say, he robbed banks
because that's were the money was. Larger providers have more exposure,
and more to loose. Even a non-directed attack such as a worm tends to
impact larger providers more than smaller providers. The larger provider
has more incentive to work on security. For a small provider, security is
just another expense they would prefer not to spend.
<snip>
I completely agree. Yet large providers have peer coordinators and many lack
security coordinators or liaisons. Perhaps it's just the provider I reported
the incident to, and I may find better luck with my new providers. To be
honest, I don't think my old provider would have done much of anything
except that it was a large enough DDOS to force him to backup the access
lists to the core. I love it when the provider's equipment starts shutting
down and their fiber fills up. It reminds me that I'm not always brought to
my knees because of my size.
-Jack