On Thursday 14 April 2005 00:30, Hexren wrote:
Central _trusted_ authority leaves a bitter taste in my mouth... but
then I may be paranoid.
Anyway if I am a local user on a machine and I have access to an ssh
binary (that is what I meant with ssh access) and bash, I can churn out
connections
with the only limit beeing my bandwith and system limits on the number
of processes I can run at one time. But even with these set to
sensible defaults say 10 processes and 1/10 of site bw. I am able to
attack many disparate machines in different parts of the world
therefore I am able to trigger a _defensive_ DoS against the machine
in that I am.
Regards
Hexren
Hexren,
I get your point. It is a very good point. Economists call that 'moral
hazard', by which they mean that any system instituted to protect against one
evil, can be recruited by a some individuals to bring about another
inforeseen evil. The question then becomes; which is the greater evil?
How may people who are local users and have access to ssh, are going to want
to use defensive DOS to bring down the machine they are on? Surely, if they
have these privileges, there are countless easier and more direct ways of
bringing down their own machines. Even if there are some situations where the
porposed system of defensive DOS can be used in this way, is the evil that
results from these remote suicides worse that the evil that results from the
crackers who are presently not checked in any way?
Trusted authorities are a necessary feature of life in the real word, but
there should be checks and balances in place. The word 'trusted' implies
that. They are not just Statutory Authorities, or Powerful Forces. They are
trusted by some one or some group, or the majority, and perhaps universally.
Perhaps the question here should be: who determines which authority should be
trusted, and who monitors their exercise of authority to see that they remain
trustworthy?
Benjamin Rossen
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]