Re: Is there a line of defense against Distributed Reflective attacks?

[Clayton Fiske <clay () bloomcounty org>]

On Fri, Jan 17, 2003 at 06:38:08PM +0000, Christopher L. Morrow wrote:
> On Fri, 17 Jan 2003, John Kristoff wrote:
>
> > impractical).  If the sources can be tracked, perhaps they can be
> > stopped (but large  number of sources make this a scaling issue and
> > sometimes not all responsible parties are as cooperative or friendly
> > as you might like).  There is also the threat of legal response, which
> > could encourage networks and hosts to stop and prevent attacks in the
>
> Legal response to the kiddies has never shown a marked improvement in
> their behaviour. Much like the death penalty... its just not a deterrent,
> perhaps because its not enforced on a more regular basis, perhaps because
> no one thinks about that before they attack.

I think John was more referring to legal action against networks and
hosts used in the attack.

Without getting too much into the likelihood of any legal body actually
understanding anyone's role in an attack besides the attacker and the
victim, in this land where tobacco companies are sued by smokers who
get lung cancer and fast food restaurants are sued by fat people there
must be room for such cases as:

"XYZ Corp cost me $5mil in lost business. They were negligent in
securing their (network|host) from being used as a DoS attack tool
despite being informed of such by us both before and during said
attack."

Perhaps this would cause companies to take security more seriously?

Have there been any such cases to date? Did they win?

-c