Home page logo

nanog logo nanog mailing list archives

Re: On the back of other 'security' posts....
From: Owen DeLong <owen () delong com>
Date: Sat, 30 Aug 2003 10:03:40 -0700

Yet more spoofed traffic aimed at the SORBS nameservers - this time
enough to crash a core router of my upstream...  Hopefully the commercial
damage now may insite people getting damaged by these DDoSes to start
proceedings against those ISPs whom continue to show a lack of
respobsibility and allow unfiltered spoofed DDoS traffic from their
networks.  Certainly I have been told to talk to various US authorities
about the problem, and will be doing so as soon as I have the nessesary

The ISPs aren't who should be sued.  The people running vulnerable systems
generating the DDOS traffic and the company providing the Exploding Pinto
should be sued.  An ISPs job is to forward IP traffic on a best effort
basis to the destination address contained in the header of the datagram.
Any other behavior can be construed as a breach of contract.  Sure, blocking
spoofed traffic in the limited cases where it is feasible at the edge would
be a good thing, but, I don't see failure to do so as negligent.  Where
exactly do you think that the duty to care in this matter would come from
for said ISP?

In the mean time a plea to people on this list in all countries - watch
for the DDoS attacks (particually against,, & and stop the damn traffic before you are
held responsible for your customers actions.  There is still a 10k pps
SYN flood occuring 8 hours later - this is being rate limited upstream.

Again, I just don't see where an ISP can or should be held liable for
forwarding what appears to be a correctly formatted datagram with a valid
destination address.  This is the desired behavior and without it, the
internet stops working.  The problem is systems with consistent and
persistent vulnerabilities.  One software company is responsible for
most of these, and, that would be the best place to concentrate any
litigation aimed at fixing the problem through liquidated damages.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]