undefined | Better HN

0 pointstptacek13y ago0 comments

The USG is actively prevented by current regulations from setting up a clearinghouse that would collect netflow signatures, botnet identification, and traffic captures of exploit code and then sharing that information with companies like Google and Facebook.

Private companies can and do share (heavily scrubbed) electronic signature information, but must go through contortions to do so, and incur huge legal costs to do it. As a result, only the largest companies participate in these efforts.

Because the USG is more or less enjoined from participating in clearinghouses with private companies, information sharing networks are handshake affairs that are often unknown to anyone outside tier-3 network engineering. Other private IT security product companies run de facto clearinghouses, but only for their customers.

As a result, when your startup gets DDoS'd and you call your ISP for help, they generally can't do shit to help you. It may annoy you to know that if your connectivity provider is large, there is a group in there that could offramp your traffic to internal "scrubbing centers" to peel off DDOS traffic. But because high-end DDoS protection at ISPs is done sub rosa, startups have a very hard time finding these people.

There is an actual problem with online security attacks right now, and hysteria over any USG intervention with the Internet at all is helping perpetuate it. And all it appears to take to fuel that hysteria is statements like "think of the overreach that will happen once a law hits the books".

0 comments

nitrogen13y ago

How do your last two paragraphs follow from the first three? How does having large companies share threat data help your small startup mitigate a DDoS?

There is an actual problem with online security attacks right now, and hysteria over any USG intervention with the Internet at all is helping perpetuate it.

This sounds an awful lot like, "We must do something. This is something, therefore we must do this."

tptacekOP13y ago

ISPs propagate flow-based snapshots of attacks to populate filters and redirect traffic to scrubbing centers, but they do so discreetly in part because of concerns about how well their data --- which is used exclusively to generate filters --- has been anonymized.

declan13y ago

What "regulations" are those that weren't addressed by the president's executive order last month? Can you provide a cite to an actual federal law that says this?

tptacekOP13y ago

Are you suggesting that the President's EO gave the federal government a blanket authority to publish threat information to the private sector?

declan13y ago

No, what I'm asking you for is an actual citation to federal law or the U.S. Code of Federal Regulations that backs up your claim ("USG is actively prevented by current regulations from setting up...")

That you failed to provide any, even though I think my request was fairly clear, provides strong evidence that you're unable to do so and your pro-CISPA argument was hand-waving, not based on facts or the law.

1 more reply

j / k navigate · click thread line to collapse

0 pointstptacek13y ago0 comments

0 comments

nitrogen13y ago

How do your last two paragraphs follow from the first three? How does having large companies share threat data help your small startup mitigate a DDoS?

There is an actual problem with online security attacks right now, and hysteria over any USG intervention with the Internet at all is helping perpetuate it.

This sounds an awful lot like, "We must do something. This is something, therefore we must do this."

tptacekOP13y ago

declan13y ago

What "regulations" are those that weren't addressed by the president's executive order last month? Can you provide a cite to an actual federal law that says this?

tptacekOP13y ago

Are you suggesting that the President's EO gave the federal government a blanket authority to publish threat information to the private sector?

declan13y ago

1 more reply

j / k navigate · click thread line to collapse