Providers must answer for DoS attacks.
Internet service providers should be responsible for the DoS attacks made through their networks, says Lillian Edwards, a lawyer at the University of Southampton. Her opinion, expressed on November 13 at the conference “Protection against DoS attacks on the Internet” in London, is quoted by New Scientist .
During a DoS attack, an attacker floods a particular server with a lot of useless traffic, thereby blocking normal access to this server and the sites located on it. “Trash” traffic is most often generated by hundreds or even thousands of computers infected with a virus and managed to use it remotely. The only purpose of a virus is to attack a target at a certain moment at the command of a virus writer.
Lilian Edwards, one of the leading lawyers in the field of Internet law, notes the need for responsibility for such actions in relation to all "accomplices". At the moment, providers do not bear any responsibility for the data that passes through their networks, and Edwards believes that the authorities should force them to check on this data.
')
Ian Brown, head of the Communication Research Network , noted the fact that many companies are willing to pay a “ransom” to keep their network representation untouched. Attackers sometimes require 50 thousand dollars to ensure that attacks are not carried out.
“On eBay , you can always get a fresh virus for about $ 4,000, from which no anti-virus programs can protect you for 2 weeks. During this time, you can organize more than one DoS attack, ”says Brown. “It is possible to protect against attacks from virus-infected computers only if Windows becomes a safer operating system. However, Microsoft is moving towards this very slowly. Users may take some protective measures by installing anti-virus software, but authorities should be able to set legal restrictions. ”
There is already a technology that will help providers in blocking DoS attacks - “deep packet inspection”: it can be used to distinguish, for example, Internet calls and downloading video files. Edwards notes that with her own help, you can identify a sharp increase in useless web traffic: "Providers have the knowledge, resources, and related capabilities, so they have to control unusual bursts of network traffic."
The idea to force providers to fight DoS-attacks is doomed to failure, says Malcolm Hotty, a representative of the London Providers Association: “It’s not the providers that are to blame for the attacks, but infected computers”. In addition, it is quite costly to distinguish between “attacking” and “innocent” traffic, both in terms of finance and time: as a result, the speed of data transmission will suffer, and therefore all clients of companies providing Internet access services.
“The Internet Governance Forum blog was so popular that the servers on which it is located simply could not withstand the influx of users. It was not a DoS attack, but for data verification systems it would look that way. How, then, will Internet providers be able to distinguish just popular sites and targets of attacks? ”Hotty resents.
A company spokesman for Symantec said that attackers, in the event that providers actually inspect traffic for attacks, simply encrypt their commands. Thus, the discovery of such teams will be almost impossible for providers: “If we try to separate good traffic from bad, the bad guys will just make their traffic unrecognizable.”
During a DoS attack, an attacker floods a particular server with a lot of useless traffic, thereby blocking normal access to this server and the sites located on it. “Trash” traffic is most often generated by hundreds or even thousands of computers infected with a virus and managed to use it remotely. The only purpose of a virus is to attack a target at a certain moment at the command of a virus writer.
Lilian Edwards, one of the leading lawyers in the field of Internet law, notes the need for responsibility for such actions in relation to all "accomplices". At the moment, providers do not bear any responsibility for the data that passes through their networks, and Edwards believes that the authorities should force them to check on this data.
')
Ian Brown, head of the Communication Research Network , noted the fact that many companies are willing to pay a “ransom” to keep their network representation untouched. Attackers sometimes require 50 thousand dollars to ensure that attacks are not carried out.
“On eBay , you can always get a fresh virus for about $ 4,000, from which no anti-virus programs can protect you for 2 weeks. During this time, you can organize more than one DoS attack, ”says Brown. “It is possible to protect against attacks from virus-infected computers only if Windows becomes a safer operating system. However, Microsoft is moving towards this very slowly. Users may take some protective measures by installing anti-virus software, but authorities should be able to set legal restrictions. ”
There is already a technology that will help providers in blocking DoS attacks - “deep packet inspection”: it can be used to distinguish, for example, Internet calls and downloading video files. Edwards notes that with her own help, you can identify a sharp increase in useless web traffic: "Providers have the knowledge, resources, and related capabilities, so they have to control unusual bursts of network traffic."
The idea to force providers to fight DoS-attacks is doomed to failure, says Malcolm Hotty, a representative of the London Providers Association: “It’s not the providers that are to blame for the attacks, but infected computers”. In addition, it is quite costly to distinguish between “attacking” and “innocent” traffic, both in terms of finance and time: as a result, the speed of data transmission will suffer, and therefore all clients of companies providing Internet access services.
“The Internet Governance Forum blog was so popular that the servers on which it is located simply could not withstand the influx of users. It was not a DoS attack, but for data verification systems it would look that way. How, then, will Internet providers be able to distinguish just popular sites and targets of attacks? ”Hotty resents.
A company spokesman for Symantec said that attackers, in the event that providers actually inspect traffic for attacks, simply encrypt their commands. Thus, the discovery of such teams will be almost impossible for providers: “If we try to separate good traffic from bad, the bad guys will just make their traffic unrecognizable.”
Source: https://habr.com/ru/post/4687/
All Articles