Quoting Ian C. Sison ([EMAIL PROTECTED]):

> Agreed.  But the fact that there is no information or data lossage does
> not mean that there had been no damage to the entity responsible for the
> online service... read below for more.

We're furiously agreeing with one another, but keep chasing details:
You keep stressing that a DoS is a security problem.  I keep replying,
yes, of course, but it's important to distinguish it from exploits,
which (I claim) are ultimately more-dire exposures, and DoSes are not
what one _usually_ means when one generically says "security compromise"
or "security problem".  I think we can regard that as sufficiently
discussed.

> what it seems to miss is the fact that a well organized DoS can cause an
> entity just as much loss in revenues as with the case of an intrusion
> where certain privileged data was stolen.

Generally, no.  A DoS that for some reason could not be stopped through
software fixes or switches to different software might qualify, _if_ for
some reason you could not filter for it in routers, etc.  One example
might be ping storms from continually changing source hosts, or some
other type of DDoS that involves overwhelming the target through sheer
quantity of traffic.  Otherwise, no.  We'll discuss specifics, below.

> If #2 were running an e-commerce site which usually generates $10,000
> dollars per hour, and someone decides to DoS your name servers and bring
> your name servers down, so that requests for the name service of the site
> fail, assuming 50% of total name server queries are new (not cached), then
> your site will fail 50% of the time, and you lose the potential revenue.

Nope.  I'd temporarily switch to MaraDNS in about five minutes.

I've essentially already covered this, in my prior post:  If it's a DoS 
that kills Apache, I'll bring up Boa in five minutes.  If it's against 
vs-ftpd, I'll bring up Pure-ftpd in five minutes.  If it's against
Exim...  well, I _think_ I'd probably have Postfix adequately figured
out in half an hour or so.  ;->  Or temporarily resurrect Sendmail.

Service downtime, in any event, is going to be way, way, way less than
following a root compromise -- plus only one service is affected (and no
information theft, no reputation loss, etc.).  Costs loads less, in both 
actual business costs and sysadmin white hairs.  

> Yup, that was my point.  Cyrus' delivery agent (MDA).

Are post-office-type protocols classed as MDAs?  I hadn't thought that
was the case, but hadn't really pondered the matter much.

-- 
Cheers,               Everything is gone;
Rick Moen             Your life's work has been destroyed.
[EMAIL PROTECTED]   Squeeze trigger (yes/no)?
                       -- David Carlson (winner, haiku error message contest)
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph