Distributed Denial of Service (DDoS) attacks are still making their way into the news, although not because someone launched another massive attack. The residual DDoS news centers on catching the perpetrators and developing remedies to prevent future attacks.
I've learned about several avenues being explored to help prevent DDoS attacks. Vendors have created new product-related aids and announced alliances designed to share information to help stop attacks, and Congress is pushing the Internet Security Act of 2000.
Many companies have added detection code to their products that detect DDoS client software used in coordinated DDoS attacks. Other vendors have added detection to border protection software that can determine whether a system on your network is flooding an external network on usually available ports. At least one company has announced a new chip that can filter packets at 100 times the speed of current packet filters.
Numerous Internet access providers and upstream communication carriers have teamed up to share information as quickly as possible in the event of a DDoS attack against one of their networks. The cooperative efforts will help curb any shenanigans that crop up in the future because information gathered from routers and other network devices can reveal the origin of traffic, and the companies can shut down or block those end points to systematically eliminate an attack.
Organizations will eventually push for new laws to help law enforcement deal with DDoS attacks. That's exactly what Congress is trying to do with the Internet Security Act of 2000. The bill consists mostly of a long list of amendments to existing laws, including forfeiture laws for computer equipment used to commit a crime; provisions for pen registers as well as trap and trace devices; provisions for PC users to authorize wire taps when their machines are infiltrated or used to stage attacks (which, as written, can bypass court approval); and so on.
These efforts are admirable, but are they enough? If we analyze the efforts, we learn that vendors are trying to solve the problem through better traffic management and cooperative information sharing, and law makers look not to solve the problem outright, but only to ensure they can identify a perpetrator after the fact. So the answer seems clear: Those efforts are not enough on the law-making side.
In many respects, the Internet is no different than the street, so logic dictates that we try to apply the same rules as best we can without making any redundant efforts. On US streets, people travel freely until they raise the suspicion of law enforcement. And whether you've done something that is merely suspicious or blatantly obvious, you'll most likely have to identify yourself to law enforcement officials—usually with a driver's license, state ID card, or passport.
Why can't we treat the Internet the same way? If I must have license plates on my car in case of a crime, accident, or other need to identify me as the owner, why shouldn't I have the same type of ID on my network packets so that if it becomes necessary, law enforcement officials can identify those packets as having come from my system?
At this point, I see no other way to maintain a reasonable level of user privacy while providing a means to more readily identify perpetrators. If people are willing to drive around with license plates on their car, then they probably won't be upset about a similar tag on their network packets.
What do you think? Are address licenses inevitable for the Internet? Is there a better way? Stop by our home page and post your comments to this editorial, or send me email if you prefer. Until next time, have a great week.
