
Re: Your counsel on defeating DDOS Attacks



The following message from Gene Spafford bounced due to an email
address change.

- Steve


--------------------------
Date: Thu, 17 Feb 2000 23:30:38 -0500
To: "Steven M. Christey" <coley@LINUS.MITRE.ORG>
From: Gene Spafford <spaf@cerias.purdue.edu>
Subject: Re: Your counsel on defeating DDOS Attacks
Cc: cve-editorial-board-list@lists.mitre.org, gjg@MITRE.ORG, wrg@MITRE.ORG,
         ptasker@MITRE.ORG, ckrause@MITRE.ORG

At 6:33 PM -0500 2/17/00, Steven M. Christey wrote:
  >
  >4) Often, security is not a corporate priority, which means that it is
  >under-supported financially.

And administratively.   If you can't enforce policy, it doesn't really exist.

  >
  >1) Encourage the widespread use of strong authentication.  Encryption
  >is mentioned in the proposal, but not authentication.

Only where appropriate.   The encryption and key lookup involved slow
systems down, and can add to a DOS attack.   Furthermore, there are
many places where strong authentication is not desirable because it
reduces privacy.

Page Last Updated or Reviewed: May 22, 2007