Re: Government scrutiny is headed our way

[Mo <madlion () justin net>]

On Tue, 16 Jun 1998, Michael Dillon wrote:

> Government scrutiny is headed our way
> http://www.fcw.com/pubs/fcw/1998/0615/fcw-frontcyber-6-15-1998.html
>
> The feds are worried that it is too hard to track down cyber attackers.
> Although the article doesn't say this explicitly I expect that it won't be
> long before we see politicians calling for some sort of mandated tracing
> capabilities between network providers

Since it's already difficult to track down attacks, I feel that any
intervention on THIS MATTER would be welcomed by many people.  What we
must be cautious about is giving the goverment too much power in this
matter.  I fear big goverment, this often means more taxes, and
inefficiency.

> And since IOPS http://www.iops.org/ is hosted by a government funded
> agency located on the outskirts of DC, I expect that it will be involved
> in this whole thing.
>
> If we could track attacks to their source more quickly, then government
> would not feel the need to intervene. This may require some changes to
> router software but unless network operators ask for the changes, the
> manufacturers will not do it.
I agree with you fully.  I feel that few networks practice good security.
Network Engineers and Operators need to be more proactive when it comes to
security.  In my last gig, I had a small network but we had a secure
network and we prosecuted to the fullest extent of the LAW. That's what
need to happen.  If we can avoid government interventions to make this
happen then let's do it.  
 
> We need some sort of protocol that will recursively track spoofed source
> address packets back to their source one hop at a time. Given a
> destination address the protocol would track it to the previous hop router
> and recurively initiate the same tracking procedure on that router. Once
> the attack is tracked to the source, the probe would unroll and report the
> results to all routers along the probe path for logging or reporting. 
I have few questions about this.  Do we run it on the router? If yes what
type CPU and Memory load can we expect? We must realise that the router
are usually doing full BGP with upstreams and processing many different
things on locally.  Anything we do cannot take way from the proformance of
a router.
> We have seen that when misconfigured equipment can be quickly identified,
> such as the smurf amplifiers, then we can apply pressure and get things
> fixed. Similarly if we can quickly identify the source of a spoofed source
> address attack then we can apply pressure to get filters in place and have
> people arrested or secure an insecure machine as the case may be.
>
> --
> Michael Dillon                 -               Internet & ISP Consulting
> Memra Communications Inc.      -               E-mail: michael () memra com
> http://www.memra.com           -  *check out the new name & new website*
Cheers 
Moe H.