[OT somewhat] DDOS attacks, where to report?
Jonathan Ben Avraham
yba at tkos.co.il
Sun Jan 27 08:51:07 IST 2013
Hi Shimi,
The policy that I would expect is:
1. Possibly requiring licensed ISPs to offer extended anti-cyber-attack
protection, for an extra price.
2. Requiring licensed ISPs to provide a specific basic level of cyber
security as part of every offering.
3. Requiring reporting of cyber attacks that pass some level of damage
or persistence or that can be identified as originating with a particular
organization to a national information center.
4. Requiring on-line financial services and other specified services to
implement specific security policies.
It's clear that the country is under concerted attack. I also know that
*something* is being done or at least discussed at the national level.
What appears to be lacking is protection for the smaller organizations and
service providers.
- yba
On Sun, 27 Jan 2013, shimi wrote:
> Date: Sun, 27 Jan 2013 08:33:50 +0200
> From: shimi <linux-il at shimi.net>
> To: Jonathan Ben Avraham <yba at tkos.co.il>
> Cc: ILUG <linux-il at cs.huji.ac.il>
> Subject: Re: [OT somewhat] DDOS attacks, where to report?
>
>
>
> On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham <yba at tkos.co.il> wrote:
> On Sun, 27 Jan 2013, shimi wrote:
>
> Date: Sun, 27 Jan 2013 00:30:02 +0200
> From: shimi <linux-il at shimi.net>
> To: Jonathan Ben Avraham <yba at tkos.co.il>
> Cc: ILUG <linux-il at cs.huji.ac.il>
> Subject: Re: [OT somewhat] DDOS attacks, where to report?
>
> On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham <yba at tkos.co.il> wrote:
>
> This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2
>
>
> This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime.
>
> Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. Like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant in our case...
>
>
>
> Hi Shimi,
> This law is in fact applied to ongoing crime as well as future crime. It's not enough that you know someone has been trafficking Ukrainian girls for two years already to exempt you from reporting it if you find out about it.
>
>
> This is not an ongoing crime. Your friend's server is offline, the attacker noticed and stopped bombarding. ISP is happy. That's the reason they disconnected your friend in the first place - they knew their infrastructure will no longer be attacked when they do. This is the reason why people DDoS in the first place! Because it works...
>
>
>
> Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet...
>
>
>
> It is enough for the victim to be affected in Israel for it to be a crime in Israel.
>
>
> This may be true (I don't know our law. it was more of a quandary). Still, jurisdiction over the entire Internet, not located in Israel? That's not simple!
>
>
> I think it is time for me to quote from the Serenity Prayer:
>
> "God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference."
>
> Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts...
>
>
>
> I'm wondering if there isn't a public policy initiative that we should be pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's necessary, but sometimes concrete action is required. The problem here is that some small players are getting soaked disproportionately for the country's wars.
>
>
> I already asked and couldn't see your answer, so I will ask again: What actions do you want your government to do against the computers in China, North Korea, or Arab countries? Please elaborate. Don't just say that 'someone needs to do something' - tell us what can they do that they don't, that would help in situations like this... also tell us what should they do after they somehow made 20,000 computers clean, just to realize that in a keystroke, the attacker infected 20,000 other computers, and all what they, basically had no influence whatsoever.
>
> b.t.w. why are you so sure that those are "country's wars"? Running an innocent IRC server is very likely to get you DDoS'd too. A decade ago, DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit more time than not, because someone DDoS'd them. For months. The network lost servers because ISPs that donated them didn't want the headache - their legitimate business got hurt. The network never recovered. At the top they had > 100k users online globally. This second the number is 12,727 users. Israel was not a side...
>
> Your friend got DDoS'd because he got DDoS'd. The country he lives at had nothing to do with it. Unless of course he hosted specific websites that made people angry. If that was the case, it was his war, not the country's. "Sof Ma'ase, Be-Machashava Techila"...
>
> -- Shimi
>
>
>
--
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- yba at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -