
netsec-sig - Re: [Security-WG] Someone Is Learning How to Take Down the Internet

Subject: Internet2 Network Security SIG

  • From: Von Welch <>
  • To:
  • Cc: "" <>
  • Subject: Re: [Security-WG] Someone Is Learning How to Take Down the Internet
  • Date: Sat, 17 Sep 2016 17:35:50 -0400

Paul,

To me it's not clear that the adversary not changing tactics is worth the
trade-off of them being able to use the tactics on other potential victims
(nor that everyone's incentives are aligned). In more conventional settings
where you aren't worried about the attackers scaling their attacks with the
ease they can on the Internet, I agree it makes sense. With the ease of
scaling attacks on the Internet, it's not obvious to me it doesn't make sense
to make attackers change tactics as often as we can.

But no, I'm not familiar with research or objective evidence either way.

Von

> On Sep 15, 2016, at 9:17 AM, Paul Howell <> wrote:
>
> Von,
>
> I was simply referring to the theory that tipping off an adversary by
> publicly announcing tactics they are using results in an adversary changing
> tactics to avoid detection. I don't know if this is actually true, do you
> know of any research that disputes this notion?
>
> Regards,
> Paul
>
>
> -----Original Message-----
> From: <> on behalf of Von Welch <>
> Reply-To: "" <>
> Date: Wednesday, September 14, 2016 at 5:26 PM
> To: "" <>
> Cc: "" <>
> Subject: Re: [Security-WG] FW: Someone Is Learning How to Take Down the
> Internet
>
> Paul,
>
>> I wish that the threat indicators were included in this story, but
>> understand why they are not public.
>
> Jumping on a philosophical soapbox for a second, I don't understand why and
> would enjoy understanding your perspective. I worry that these secrecy
> practices are holding us back in cybersecurity.
>
> Best,
>
> Von
>
>> On Sep 14, 2016, at 8:43 AM, Paul Howell <> wrote:
>>
>> Hi Everyone,
>>
>> I wish that the threat indicators were included in this story, but
>> understand why they are not public. Certainly if we see anything
>> threatening, we'll be happy to share with all of you. Hopefully others
>> will do the same.
>>
>> https://www.lawfareblog.com/someone-learning-how-take-down-internet
>>
>>
>> Regards,
>> Paul
>>
>> Paul Howell
>> Chief Cyberinfrastructure Security Officer
>> Network Services, Internet2
>> 100 Phoenix Drive, STE 111
>> Ann Arbor, MI 48108
>> Office: 734-352-4212
>> Email:
>>
>>
>>
>
>
>
>



