[nsp-sec] Heads-Up - Dalai Lama Live Webcasts

Daniel Schwalbe dfs at cac.washington.edu
Mon Apr 14 13:27:30 EDT 2008 

Hi Don,

I hear what you are saying. This is one of these cases where the 
educational freedoms demanded by a major research institution can be at 
direct odds with what could be considered the common sense approach to 
Internet Security.

The site is maintained by our Computer Science department, and it is part 
of a research project. Unless they are actively breaking the network or 
are generating tons of external abuse complaints, there is very little 
they aren't "allowed" to do around here.

Of course the counter-argument that routinely gets made is that if 
researchers can find something without being granted "special access", so 
can the bad guys. No doubt it's more convenient for bad guys to be able to 
look up all black holes in one central location, but there is nothing 
stopping them from compiling their own lists (which no doubt is happening 
already).

I can have a conversation with the PI of this project, but I am not 
holding out much hope that they will stop what they are doing.

 	-Daniel
_______________________________________________________
Daniel Schwalbe, CISSP             dfs at u.washington.edu
Lead Security Engineer                 +1(206) 221-7000
University of Washington         UW Technology Services
PGP: E2DD CE57 62F4 0F22 CA09  37AB CA69 A2A3 1A45 0BF7


On Mon, 14 Apr 2008, Smith, Donald wrote:

> Daniel hubble.cs.washington.edu was recently brought to my attention.
>
> It appears to be legit however I question it's benefit.
> Some ISPs blackhole ip addresses or cidr blocks to protect customers.
>
> However what it shows isn't just what we call blackholes. It
> connectivity loss too.
> I personally wouldn't want a list of blackholes published. Networks or
> IP addresses that get blackholed are usually blackholed for a good
> reason and letting the bad guys know which networks blackholed their
> malicious sites is in my opinion not conducive to good Internet
> security.
>
>
> RM=for(1)
> {manage_risk(identify_risk(product[i++]) &&
> (identify_threat[product[i++]))}
> Donald.Smith at qwest.com giac
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>> Daniel Schwalbe
>> Sent: Tuesday, April 08, 2008 12:15 PM
>> To: nsp-security at puck.nether.net
>> Subject: [nsp-sec] Heads-Up - Dalai Lama Live Webcasts
>>
>> ----------- nsp-security Confidential --------
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: RIPEMD160
>>
>>
>> Between April 11th and April 15th, The University of
>> Washington in Seattle
>> will host several functions that feature His Holiness the
>> 14th Dalai Lama.
>>
>> Our TV channel, UWTV will have live broadcasts of most of the events.
>> See http://www.uwtv.org/dalailama for details.
>>
>> There will also be live webcasts available. Here is where I
>> get nervous...
>>
>> With all the current political tension between China and Tibet (...),
>> there might be a realistic threat of attempts to disrupt the
>> webcasts over
>> the network. DDoS comes to mind.
>>
>> The streaming infrastructure is part of AS73, specifically in the
>> 140.142.8.0 space.
>>
>> I am not so much concerned about a strictly bandwidth
>> targeted attack (we
>> have decently big pipes), but a resource attack on the
>> streaming servers
>> could get ugly. So I might be asking for help here, if it
>> comes to that.
>>
>> Hopefully all will stay quiet on the Western Front ;-)
>>
>>  	-Daniel
>> _______________________________________________________
>> Daniel Schwalbe, CISSP             dfs at u.washington.edu
>> Lead Security Engineer                 +1(206) 221-7000
>> University of Washington         UW Technology Services
>> PGP: E2DD CE57 62F4 0F22 CA09  37AB CA69 A2A3 1A45 0BF7
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.1 (GNU/Linux)
>>
>> iD8DBQFH+7YvymmioxpFC/cRAzxrAJ9DklnhkLI34Rx/lyekX+pbRxZPugCgq4jI
>> +nkkr5iKtlS2c2FJq5vsM8s=
>> =6D5N
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective
>> Internet security counter-measures.
>> _______________________________________________
>>
>>
>
>
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful.  If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
>

More information about the nsp-security mailing list