Re: Solution: Re: Huge smurf attack

[Phil Howard <phil () whistler intur net>]

Peter Swedock wrote:

> Given all that, is it hard to beleive that some-one, moderately skilled in
> networking but extreme in political views, attempted to shut down this page by
> shutting down Mindspring?

By attacking specifically the IRC server?  They would probably get better
DoS results by attacking the web server (or the link it's on if it's down
stream from Mindspring).  Someone who thinks attacking irc.mindspring.com
will bring down Mindspring deserves to be labeled a "script kiddie" even
if they were really aiming at www.christiangallery.com.


> This is the real world, people. This isn't the goodgeeks vs. the skriptkiddiez
> in their own private internet bubble.  It is entirely plausible (even likely,
> given the timing of the case opening Friday, the subsequent publicity and the
> "huge smurf attack" Saturday...) that this was a political act, and guess
> what... we're squeezed in the middle. It ain't about which side of the debate
> any on NANOG will fall on, but the fact that the debate may be falling on us.

Well I won't rule out you being right on this, but I believe the probability
is low because of the fact the attack was to the IRC server.  Quite possibly
one of the script kiddies that usually spends their time attacking IRC servers
specifically aimed at this one based on that political motivation.


> > The cause of burglaries and thefts is bad people.
>
> But the cause of political terrorism is extreme people.  I think that, if this
> smurf attack was in response to the web page "The Nuremburg Files", it is an
> act of terrorism in response to an act of terrorism: that is to say the page is
> extreme, so why do we not expect responses to it to be extreme?  And, in the
> middle, network engineers putting out the fires... networks being the
> battlegrounds that these people have chosen.

Whether or not the page is terrorism is the subject of the debates and hearings
that are not on this mailing.  The DoS attack could well be classified as such
an act either way.


> > I admire Mindspring's position of making Internet access unrestricted.
> > But what is the real motivation?  Is it the goal of "perfect IP" or is
> > the business case of decreasing tech support costs?  They are, afterall,
> > in the business of providing consumer dialup access, and as we all know
> > that line of business is very costly in areas of tech support.  Network
> > attacks are also a real cost.  I would suggest that treating some of the
> > symptoms, at least for now, will cut some costs until the day that we
> > can achieve the utopian goal of the perfect solution to the cause.
>
>
> But if you want "unrestricted internet access" you'll get pages like "The
> Nuremburg Files" and you'll get people who object to that...

We do not offer unrestricted access.  But our restrictions are different.
For example, we do not allow source addresses other than our netblocks,
and we do not allow dialups to access TCP port 25 outside of our network.
We also have a no IRC bots policy on our shell accounts and colocations.

As for web page content, we do not make such judgements.  If a court orders
us to take down a web page we will.  If a web page becomes the target of an
attack that disables other services to other customers, then we will take
down that web site.  But we can do that entirely without examining what the
content is.


> I don't know what the solution is... but I do think we'll all be better off
> opening our eyes to the situation, rather than simply blaming the
> 'skriptkiddiez'.

Well, your point is that there are, or at the very least can potentially
be, more than just skriptkiddiez.  Political terrorism and others can be
real sources of problems.  The skriptkiddiez may well be a dress rehersal.

-- 
 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at intur.net        |  --
    -- *-----------------------------*      phil at intur.net        * --