EFTA02451032

From: Vincenzo lozzo < Sent: Monday, September 26, 2016 11:56 AM To: jeffrey E. Cc: Joi Ito; Danny Hillis; Reid Hoffman Subject: Re: Warning: this is=likely going to be a long essay, but I think it gives some perspective on t=e topic. The short version is: I was talking to Joi about this the other day -=1 wouldn't pay too much attention to this, Schneier has a long tradition of=dramatizing and misunderstanding things. That said, buying cloudflare (it's pr=vate) or akamai stock might be an idea because DDos attacks are not going a=ay soon and as a trend they will likely increase. Also to provide some perspec=ive, he links to this: https://www.verisign.com/assets/report-ddos-trend=-Q22016.pdf <https://www.verisign.com/assets/repo=t-ddos-trends-Q22016.pdf> If you look at the numbers on page 9 they are an o=der of magnitude smaller than the attack on a, rather unknown to the genera= public, cyber security journalist: https://krebsonsecurity.=om/2016/09/krebsonsecurity-hit-with-record- ddos/ <https://krebsonsecurity=com/2016/09/krebsonsecurity-hit-with-record-ddosh <=pan style="background-color: rgba(255, 255, 255, 0);">And we are talking a=erage not median.. CloudFlare was able to absorb most of the attack=on Krebs' website and they probably brought the website down because he wou=dn't be able to pay for the service at that rate anyway. So those numbers t=ere are nowhere close to "probing" the limits as he suggests.. =div> </=iv> The more i=teresting aspect is that DDos attacks boil down to two strategies: 1) "=mplication" attacks - which is a text book example of the tragedy of the co=mons 2) Force real traffic to happen. This often happens when you compromise a=device (that's what a botnet does). In that sense loT is particularly dange=ous (1) Is a good argument for Danny's idea of building a backup in=ernet. The problem there is that a lot of protocols (DNS, NTP etc etc) have=design flaws in that you can generate asymmetric amounts of traffic and for=e the traffic to go to some other destination. (eg: https://www.us-cert.govincas/alerts/=A13-088A <https:/=www.us- cert.gov/ncas/alerts/TA13-088A> ) In a lot of cases people leave around the internet vulnera=le servers and those are used for these types of attacks (hence the tragedy=of the common). EFTA_R1_01550212 EFTA02451032 (2) Is a much harder problem to solve and to a large ext=nt it wouldn't go away even if we had a different internet. And (2= is interesting because you don't necessarily need to compromise the target=if you have control of the network infrastructure. For instance, China atta=ked GitHub by injecting JavaScript into people's navigation session (http://www.netresec.com/?page=Blo=&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub<=a>). The lavascript code would then reach out to GitHub and DDos the websit=. Computer Science problem aside, (2) is problematic because=it leads people to think that things like this: http://=ww.skatingonstilts.com/skating-on-stilts/spiking-the-great-cannon.html <http://www.=katingonstilts.com/skating-on-stilts/spiking-the-great-cannon.html> &=bsp;are a good idea.. These poor man's attempts at "sanctions" are not=a solution, neither from a diplomatic/political POV nor from a technical on= in my opinion. Sent from my (phone On Sep 26, 2016, at 10:40, jeffrey E. <[email protected]> wrote: <=lockquote type="cite"> http://fortune.com/2016/09/25/intern=t-infastructure-attack/?xid=gn_editorspicks&google_editors_picks=tr=e = please note The information containe= in this communication is confidential, may be attorney-client privilege=, may constitute inside information, and is intended only for the use=of the addressee. It is the property of JEE Unauthorized use, disclos=re or copying of this communication or any part thereof is strictly proh=bited and may be unlawful. If you have received this communication in=error, please notify us immediately by return e-mail or by e-mail to [email protected]=/a>, and destroy this communication and all copies thereof, including=all attachments. copyright -all rights reserved <mailto:[email protected]> = 2 EFTA_R1_01550213 EFTA02451033