nanog mailing list archives

Re: My First Denial of Service Attack..... (fwd)


From: Tersian <tersian () leba net>
Date: Tue, 8 Oct 1996 17:50:05 -0400 (EDT)

Back to your example.  IMO: The providers would be at a liability risk
if they did not provide reasonable measures to insure that they did
not contribute to the damages done to another party.  This is like
other liabilities where if someone is injured you are at risk unless
you did everything reasonable to prevent putting other people in harm's
way.

The only problem I foresee with this is the means for security
measures. We are talking about corporate America and not the military.
The only way I can see taking appropriate steps is to come up with a book
such as the DoD Orange Book (Trusted Systems Security) for commercial
hosts.

It would be quite a task to come up with such a book that would take into
account all the loopholes and liabilities, and even then, who would
enforce the regulations?


  Given this interpretation, compromised.jumpoff.com would be at
risk if they could be shown negligent in the administration of their
site.

I agree, but what if compromised.jumpoff.com was simply lacking the
manpower or the skills to completely secure their systems to the best of
current security knowledge? If they believed that they had a secure site,
and no one could prove that they were negligent (besides not hiring the
best security consultant available) then who is at fault?


  If they left the door wide open to hackers, IMO they'd be at
risk.  

How does one do this?

%cat /etc/motd

**************
BrokenOS 2.1 Beta

Hello hackers!

Welcome to compromised.jumpoff.com, please use us for hacking purposes only!

**************

:)))

If they were warned due to prior incidents and continued to
leave the door wide open, they'd be very seriously at risk.

And they would also be very stupid :)


The community needs to come up with a set of security standards for different
types of hosts, whether it be a NAP, a NOC or an IAP or ISP. It needs to be
comprehensive and contain software and support for early detection and
audit, as well as wrapping and hacker deterrent mechanisms.



Ben
- - - - - - - - - - - - - - - - -

