Self Defense thourg DoS... ? (was: too many illegal connection attempts through ssh)

Benjamin Rossen b.rossen at onsnet.nu
Thu Apr 14 15:23:26 PDT 2005 

On Thursday 14 April 2005 00:30, Hexren wrote:
> "Central _trusted_ authority" leaves a bitter taste in my mouth... but
> then I may be paranoid.
> Anyway if I am a local user on a machine and I have access to an ssh
> binary (that is what I meant with "ssh access") and bash, I can churn out 
connections
> with the only limit beeing my bandwith and system limits on the number
> of processes I can run at one time. But even with these set to
> sensible defaults say 10 processes and 1/10 of site bw. I am able to
> "attack many disparate machines in different parts of the world"
> therefore I am able to trigger a _defensive_ DoS against the machine
> in that I am.
> 
> Regards
> Hexren
>
Hexren, 

I get your point. It is a very good point. Economists call that 'moral 
hazard', by which they mean that any system instituted to protect against one 
evil, can be recruited by a some individuals to bring about another 
inforeseen evil. The question then becomes; which is the greater evil? 

How may people who are local users and have access to ssh, are going to want 
to use defensive DOS to bring down the machine they are on? Surely, if they 
have these privileges, there are countless easier and more direct ways of 
bringing down their own machines. Even if there are some situations where the 
porposed system of defensive DOS can be used in this way, is the evil that 
results from these remote suicides worse that the evil that results from the 
crackers who are presently not checked in any way? 

Trusted authorities are a necessary feature of life in the real word, but 
there should be checks and balances in place. The word 'trusted' implies 
that. They are not just Statutory Authorities, or Powerful Forces. They are 
trusted by some one or some group, or the majority, and perhaps universally. 
Perhaps the question here should be: who determines which authority should be 
trusted, and who monitors their exercise of authority to see that they remain 
trustworthy? 

Benjamin Rossen

More information about the freebsd-questions mailing list