Mailing List Archive



Re: [tlug] Linode DDOS postmortem



On 2016-01-31 11:07 -0200 (Sun), SCHWARTZ, Fernando G. wrote:

> But it's PR damage control to me now that people realize most 
> infrastructures are just vulnerable even with all patches applied, best 
> practices in place and a monkey looking at a screen 24/7.

They wouldn't have been so vulnerable if they'd been using "best
practices"; the biggest issue, from the looks of it, was that they were
not dealing with transit providers directly, but were relying on others
to handle that. And that's precisely what they've changed.

Given that, and that entirely unpatched systems from 1997 would have
been just as vulnerable to this (since this had pretty much nothing at
all to do with the operating systems running on the servers), I don't
find your argument too plausible.

> Many times "FBI" officials spoke about giving up trying to crack places 
> like Ukraine with just not enough international legislation and the 
> current affairs of corruption in such places.

Again, I don't really see how this applies; this sort of attack could
easily be set up and controlled entirely from within the United States
or any other country of your choice as well. Keep in mind that here,
unlike with phishing scams or whatever, everything is done purely over
the Internet, so there's no financial or similar trail to follow.

On 2016-02-01 12:16 +0900 (Mon), Charles Muller wrote:

> ...saying that the attacks were on a scale that could only be mounted
> by a good-sized corporation, or even a state.

Actually, my suspicion is that attacks on this scale are more likely
to be non-state actors. Keep in mind that the obvious and by far
most effective infrastructure from which to stage these attacks is not
groups of servers but a "botnet": PCs on the end of consumer Internet
connections spread as widely over the world as possible. Building
a botnet of any decent size is an extremely invasive and, in most
countries, highly illegal process. Not that blatant illegality has ever
stopped the NSA before, but traditionally governments tend to be a lot
more wary of doing this sort of thing than private actors. (Think about
it: are we really worried about China using a dirty suitcase nuke on
NYC? No, we're much more worried about terrorists doing it, even though
China clearly has the capability to do this and it's dubious whether any
terrorists do.)

cjs
-- 
Curt Sampson         <cjs@example.com>         +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch

