Re: Internet Monitoring Center

2003-01-31 Thread Jack Bates

From: Sean Donelan

> Who has the biggest wall of big screen monitors?

To my knowledge, Norad still does.

quoted from article
The Global Early Warning Information System, (GEWIS, pronounced
gee-whiz)
[...]
Mark Rasch, former head of the Justice Department's Computer Crime division,
questioned the need for GEWIS. With most Internet attacks, he said, by the
time you notice a huge spike in traffic, it's already too late to head off
disruptions.
/quote

GEWIS, man. Look at all 'dem red marks. I thought they said a couple hours.
It was all pretty and green a minute ago. Who'd do such a thing? They're
ruining my pretty screen.

I question any government plan when some providers have made it perfectly
clear that they are either a) not willing to help track DDOS origination
points or b) they are incompetent to do so. Perhaps I should amend that, if
you are not a world known corporation, the above might be true. Now the
government will interlink communications between large providers to assist
in this. My question is why large providers couldn't interlink themselves
and establish guidelines for notification and resolution of network issues.
They manage it for peering, why not for overall performance and security
issues? Is it better to have a close relationship with the government than
it is your competitor? I'm still waiting for someone to contact me
regarding the results of the DDOS assistance I asked for over four months
ago for an attack that was actively monitored for well over 24 hours.
Honestly, I don't think it was worth their time. Once blocked in their oc192
core, their network stabilized and it wasn't worth looking further into. I
expect the bots are probably still in operation today causing havoc because
not one of them was tracked and shut down.

-Jack




Re: Internet Monitoring Center

2003-01-31 Thread Valdis . Kletnieks
On Thu, 30 Jan 2003 04:21:40 CST, Jack Bates [EMAIL PROTECTED]  said:

> in this. My question is why large providers couldn't interlink themselves
> and establish guidelines for notification and resolution of network issues.
> They manage it for peering, why not for overall performance and security
> issues?

"I'll get back to you Tuesday" or "when NANOG posts embarrass me" works for
peering issues, but not for security issues.
-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech






RE: Internet Monitoring Center

2003-01-31 Thread Kuhtz, Christian



I very much agree with Valdis here.

I'm probably stating the obvious, but.. One of the major points visible
during virtually any one of these significant security events is the way
coordination works, how well processes are defined and how well they end up
working in terms of tactical detection & response.  Sure, strategic
preparation is crucial, too, laying the ground work for tactical activities,
but ultimately it matters how well you can execute and communicate.

Question on my mind is just how much more aggressive the impact of a worm
etc can be before it overwhelms the ability to coordinate effectively to
stop it before everything goes critical.  As we gear up on the service
provider side, the other side in this arms race tries to think of new ways
to create maximum damage quickly.  If they fail to beat their victims to
the punch, they fizzle.

I don't believe that a large scale monitoring center is effective in the
long run as communication becomes evermore pervasive.  I believe a
coordination/communications facility is far more effective, and we'd all be
better served with that.  But unless we can demonstrate that information
overload along the lines of more isn't necessarily better doesn't increase
effectiveness, these knee jerk reactions (with secondary agendas) will
continue ever since they were kicked off post-9/11.  In fact, I don't think
it's all that far off to think that the scale required will tie up
tremendous resources and just be in itself another target for being DoS'ed
by way of information overload.   And I'm not even going to go down the road
of all the concerns of what happens with the massive amount of information
being collected, in a jurisdiction lacking effective privacy protection as
it is.  YMMV.

Thanks,
Christian

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]

On Thu, 30 Jan 2003 04:21:40 CST, Jack Bates [EMAIL PROTECTED]  said:

> in this. My question is why large providers couldn't interlink themselves
> and establish guidelines for notification and resolution of network issues.
> They manage it for peering, why not for overall performance and security
> issues?

"I'll get back to you Tuesday" or "when NANOG posts embarrass me" works for
peering issues, but not for security issues.
-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech






Re: Internet Monitoring Center

2003-01-31 Thread Eliot Lear

I say to that...

http://www.ofcourseimright.com/~lear/fishbowl.jpg




Re: Internet Monitoring Center

2003-01-31 Thread Sean Donelan

On Fri, 31 Jan 2003 [EMAIL PROTECTED] wrote:
>> in this. My question is why large providers couldn't interlink themselves
>> and establish guidelines for notification and resolution of network issues.
>> They manage it for peering, why not for overall performance and security
>> issues?
>
> "I'll get back to you Tuesday" or "when NANOG posts embarrass me" works for
> peering issues, but not for security issues.

Actually it works about as well for both issues.  When John Markoff from
the New York Times calls, companies take an interest.

The reality is companies act in their own self-interest.  Both peering
and security have asymmetric costs, i.e. more pain or gain for one of the
parties.  Being a good neighbor is noble, but it doesn't pay.  Although
everyone could win if all parties cooperated, one party has an advantage
by defecting because they save the expense but still get the benefit of
everyone else doing it (tragedy of the commons, prisoners' dilemma, etc).

What is interesting is the flip between large and small providers on who
benefits the most from peering or security.

Peering is a much bigger win for a smaller provider than a large
provider.  So the small provider has an incentive to peer, while the large
provider doesn't.  For the large provider, peering is just another
expense they would prefer not to spend.

On the other hand, security is a much bigger win for a larger provider
than for a small provider.  As Willie Sutton used to say, he robbed banks
because that's where the money was.  Larger providers have more exposure,
and more to lose. Even a non-directed attack such as a worm tends to
impact larger providers more than smaller providers. The larger provider
has more incentive to work on security. For a small provider, security is
just another expense they would prefer not to spend.

And let's face it, bank security exists to protect the bank's money.




Re: Internet Monitoring Center

2003-01-31 Thread Jack Bates

From: Sean Donelan

snip
> On the other hand, security is a much bigger win for a larger provider
> than for a small provider.  As Willie Sutton used to say, he robbed banks
> because that's where the money was.  Larger providers have more exposure,
> and more to lose. Even a non-directed attack such as a worm tends to
> impact larger providers more than smaller providers. The larger provider
> has more incentive to work on security. For a small provider, security is
> just another expense they would prefer not to spend.

snip

I completely agree. Yet large providers have peer coordinators and many lack
security coordinators or liaisons. Perhaps it's just the provider I reported
the incident to, and I may find better luck with my new providers. To be
honest, I don't think my old provider would have done much of anything
except that it was a large enough DDOS to force him to back up the access
lists to the core. I love it when the provider's equipment starts shutting
down and their fiber fills up. It reminds me that I'm not always brought to
my knees because of my size.

-Jack




Internet Monitoring Center

2003-01-30 Thread Sean Donelan


Who has the biggest wall of big screen monitors?

http://www.washingtonpost.com/wp-dyn/articles/A3409-2003Jan30.html