Re: Attn MCI/UUNet - Massive abuse from your network

["Jeff Shultz" <jeffshultz () wvi com>]

Has anyone noticed that the DHS plan is probably closer to the current
status of things than the FCC one is? 

AFAIK, Currently this information _isn't_ required to be publicly
reported. The FCC wants it to be. 

DHS would prefer that it be semi-public at best - just like Michael
Dillion wants.  

Three options:
1. Status quo - no gov't reporting requirements
2. FCC proposal - completely public reporting requirements 
3. DHS proposal - limited access reporting requirements

Food for thought: Could an analyst, looking at outage reports over a
period of time, build a schematic that would demonstrate that if you
took out  n points, you'd kill x% of data traffic in and out of
$pickyourmetropolitanarea? 

If this analyst were working for Bin Ladin....

Some ad hoc terrorists, in a country crawling with US troops, with a
communications infrastructure nowhere as advanced as the USA just
managed to coordinate a multiple bomb attack simultaneously. 

What could they do here with the right information? 

Should we hand them this information freely? 

At least if someone in this "clearing house" sells it to the
terrorists, they will have had to work for it a bit, instead of having
us hand it to them on a silver platter, as the FCC seems to want.  

Let the flames continue.

** Reply to message from Scott McGrath <mcgrath () fas harvard edu> on
Fri, 25 Jun 2004 11:22:51 -0400 (EDT)

> Well said sir!
>
>                             Scott C. McGrath
>
> On Fri, 25 Jun 2004 Michael.Dillon () radianz com wrote:
>
> > > From the AOL theft article:
> > >  "The revelations come as AOL and other Internet providers have
> > > ramped up their efforts to track down the purveyors of spam, which
> > > has grown into a maddening scourge that costs consumers and
> > > businesses billions of dollars a year."
> >
> > Interesting. An insider at a network operator steals
> > a copy of some interesting operational data and sells
> > it to a 3rd party with an interest in doing nasty things
> > with said data.
> >
> > And if Homeland Security really does require all outages
> > to be reported to a clearing house where only network
> > operations insiders can get access to it, then what?
> > Will someone sell this to a terrorist organization?
> >
> > Better to leave all this information semi-public as
> > it is now so that we all know it is NOT acceptable
> > to build insecure infrastructure or to leave infrastructure
> > in an insecure state. Fear of a terrorist attack is
> > a much stronger motive for doing the right thing
> > than a government order to file secret reports to
> > a secret bureaucratic agency.
> >
> > --Michael Dillon

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train.