Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)
From: "Buhrmaster, Gary" <gtb () slac stanford edu>
Date: Mon, 6 Oct 2008 13:09:38 -0700
 

Which is easier to shut down, an attack coming from a relatively small
number of /16s that belong to the government, or one coming from the
same number of source nodes scattered *all* over Comcast and Verizon
and BT and a few other major providers?

Hint 1: Consider the number of entry points into your network 
for the two cases, especially if you are heavily peered with one or more 
of the source ISPs.  


The Federal Government (through its "Trusted Internet
Connection" initiative) is trying to limit the number
of entry points into the US Government networks.
(As I recall from 4000 interconnects to around 50,
where both numbers have a high percentage of politics
in the error bar.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]