tag:blogger.com,1999:blog-4088979.post2544765097012584309..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Mutually Assured DDoSRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-4088979.post-32909495580675803102008-05-21T14:29:00.000-04:002008-05-21T14:29:00.000-04:00"But wait.... if we just reboot their computers we..."But wait.... if we just reboot their computers we won't have to kill them."<BR/><BR/>These romanticized variations of the "use cyberspace for offensive operations" mantra really miss the point. Cyberspace doesn't allow for an effective Offensive Battlespace. Sure, there are some pretty cool (and necessary) things you can do and label them "Offensive Warfare", but by and large they are just classes of I, S, or R. Necessary efforts, but not really Offensive Warfare.<BR/><BR/>Breaking the enemies toys (or their ability to surf pr0n) is not the same as breaking the enemies will. To do that, he needs to see his neighbor's tent blow up spontaneously when he thought nobody knew where he was.. simply causing the blue screen won't break their will -- just look at how successful Microsoft still is. :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-43767661654426804442008-05-20T20:56:00.000-04:002008-05-20T20:56:00.000-04:00I was reading about that kid SoBe who went to jail...I was reading about that kid SoBe who went to jail for botting, and there was a comment about "these are only kids". So it seems only kids want more "power" on the net, noone else. <BR/><BR/>I find this article kinda funny. The USA have the best military and intelligence on the world, and they still pwned at 911. After these and the Vietnam war, they should realize now, not always the stronger enemy wins. I think that country is gonna burn out sooner or later. <BR/><BR/>I would give anything to work on projects like this military botnet, but it will never happen so I just keep dreaming :-)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-66988038325998238192008-05-19T16:00:00.000-04:002008-05-19T16:00:00.000-04:00I've read several mentions of this essay and I sha...I've read several mentions of this essay and I shake my head each time the topic comes up.<BR/><BR/>I'm not sure why we would want to "carpet bomb" anyone on the Internet. I actually do not see a reason, unless we're talking about WWIII-esque proportions. And if we are, we have other things to worry about and other kinetic means to do this. We have international economic leverages as well. Why effect cyberspace when we can just go after their power...?<BR/><BR/>Best laugh of the day was your mention of packeting someone. It just seems so childish to think that the US gov't would have a use for packeting someone using hundreds of old systems sitting in unused corners eating power, address space, and likely not updated for years, etc. What's next, email bombs? AOLNuke?<BR/><BR/>And not only that, but what about the rest of us using the Internet, just how will this carpet bomb be delivered such that it actually affects the target but doesn't affect the infrastructure as a whole? Col. Williamson's comparison between cyberspace and road systems is noble, but misunderstood.<BR/><BR/>At any rate, if I were to further attack this essay, I would offer better legal cooperation internationally in order to actually create deterrence. Does Col. Williamson think packeting some attacker is a "credible deterrent?" <BR/><BR/>I would attack the idea that the fortress mentality is dead in cyberspace. Tell that to my company's stakeholders that our perimeter and other network defenses shouldn't exist. Of note, he completely contradicts himself anyway by saying the fortress model is dead, describes the dead fortress as a series of defenses, then explains how bases currently use a defense in depth approach...huh? Fine, the perimeter is becoming more porous, but that's not a reason to say it is dead and my servers/users should just have a chain link fence up and a DDOSing botnet behind them.<BR/><BR/>For some reason, there were moments in this essay where I got the impression of the "whack-a-mole-gibson" scene in Hackers where Fisher Stevens' character can't keep up with whacking the attackers in their dramatized final showdown, only instead of Fisher and Penn pressing buttons, it's a large botnet...<BR/><BR/>I think these ideas do need to be sounded so they can be shot down, but it still feels like something out of an IRC chat room in 1996.Unknownhttps://www.blogger.com/profile/15357840241031190415noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-74010709047992705332008-05-18T15:52:00.000-04:002008-05-18T15:52:00.000-04:00Richard,Another consideration is that this approac...Richard,<BR/><BR/>Another consideration is that this approach goes against the advice of one of the USAF's strategists on information warfare, Col Gregory Rattray (8th AF, ret.). Shameless self promotion, I wrote a <A HREF="http://blog.cloppert.org/2008/05/strategic-warfare-in-cyberspace.html" REL="nofollow">brief overview of how this is the case</A> if you're interested.<BR/><BR/>-MikeAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-37590352610756566262008-05-18T01:08:00.000-04:002008-05-18T01:08:00.000-04:00I sure hope he has devised a major overhaul of the...I sure hope he has devised a major overhaul of the NIPR backbone to support such a scheme.<BR/><BR/>Even on the off-chance this eventually becomes reality, I wonder how long it would go on before some Tier 1 providers get pissed and pull the plug on the whole thing.Jeremy Stretchhttps://www.blogger.com/profile/04340661361965230690noreply@blogger.com