[e2e] Re: crippled Internet

Mike Fisk mfisk at lanl.gov
Wed Apr 18 16:10:19 PDT 2001


On Wed, 18 Apr 2001, Ted Faber wrote:

> On Wed, Apr 18, 2001 at 09:51:02PM +0000, Bob Braden wrote:
> > 
> >    *> responses to DoS attacks get sent? Who ends up paying for them?),
> > 
> > Actually, the last is easy: the administrators of the nodes that were
> > "stolen" to mount the DoS attack pay for the traffic generated by
> > their nodes.  This provides the right incentive structure, IMHO.
> 
> Unless I've misunderstood you, you're going to charge my Mom if her
> Windows box gets hacked and used in a DoS attack on Yahoo.  I don't
> think that's the right incentive structure for anything except a bunch
> of irate users and eventual annoying legislation.  

Many folks have suggested that the security/quality of software won't be
improved until the financial effects of poor quality software are felt by
customers.  This is usually mentioned in the context of CFOs looking at
ownership costs, but it could apply to consumers as well.  If network
providers, the victims, law enforcement, and other parties are to spend
money reacting to such incidents, why not place some of the burden on the
owners of systems that enable such attacks?

-- 
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information




More information about the end2end-interest mailing list