From owner-freebsd-questions@FreeBSD.ORG Thu Apr 14 22:23:26 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36C9616A4CE for ; Thu, 14 Apr 2005 22:23:26 +0000 (GMT) Received: from ipact2.infopact.nl (x71.infopact.nl [212.29.160.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id BFE3843D31 for ; Thu, 14 Apr 2005 22:23:24 +0000 (GMT) (envelope-from b.rossen@onsnet.nu) Received: from [192.168.1.100] (32-11-ftth.onsnet.nu [84.35.11.32]) by ipact2.infopact.nl (8.12.10/8.12.10) with ESMTP id j3EMNNvU018512 for ; Fri, 15 Apr 2005 00:23:23 +0200 From: Benjamin Rossen Organization: GearSticker Corporation To: freebsd-questions@freebsd.org Date: Fri, 15 Apr 2005 00:23:06 +0200 User-Agent: KMail/1.7.1 References: <36f5bbba050406001514562df7@mail.gmail.com> <200504140011.44565.b.rossen@onsnet.nu> <16324081427.20050414003011@hexren.net> In-Reply-To: <16324081427.20050414003011@hexren.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504150023.06724.b.rossen@onsnet.nu> X-Scanned-By: MIMEDefang - SpamAssassin Subject: Re: Self Defense thourg DoS... ? (was: too many illegal connection attempts through ssh) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: b.rossen@onsnet.nu List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2005 22:23:26 -0000 On Thursday 14 April 2005 00:30, Hexren wrote: > "Central _trusted_ authority" leaves a bitter taste in my mouth... but > then I may be paranoid. > Anyway if I am a local user on a machine and I have access to an ssh > binary (that is what I meant with "ssh access") and bash, I can churn out connections > with the only limit beeing my bandwith and system limits on the number > of processes I can run at one time. But even with these set to > sensible defaults say 10 processes and 1/10 of site bw. I am able to > "attack many disparate machines in different parts of the world" > therefore I am able to trigger a _defensive_ DoS against the machine > in that I am. > > Regards > Hexren > Hexren, I get your point. It is a very good point. Economists call that 'moral hazard', by which they mean that any system instituted to protect against one evil, can be recruited by a some individuals to bring about another inforeseen evil. The question then becomes; which is the greater evil? How may people who are local users and have access to ssh, are going to want to use defensive DOS to bring down the machine they are on? Surely, if they have these privileges, there are countless easier and more direct ways of bringing down their own machines. Even if there are some situations where the porposed system of defensive DOS can be used in this way, is the evil that results from these remote suicides worse that the evil that results from the crackers who are presently not checked in any way? Trusted authorities are a necessary feature of life in the real word, but there should be checks and balances in place. The word 'trusted' implies that. They are not just Statutory Authorities, or Powerful Forces. They are trusted by some one or some group, or the majority, and perhaps universally. Perhaps the question here should be: who determines which authority should be trusted, and who monitors their exercise of authority to see that they remain trustworthy? Benjamin Rossen