Paul Ferguson wrote:
On 4/15/2014 9:52 AM, Miles Fidelman wrote:
Which does bring us back to the question of how to deal with "bad
actors" (or at least "irresponsible actors" or "uncooperative actors")
within a cooperative governance framework. Sigh.... Miles
Welcome to the club. I've been wondering about that same issue with
regards to getting adoption of BCP38 for over a decade. :-)
Well, seriously, though - people do respond to large-scale ddos attacks,
as well as to things like propagation of corrupted routing BGP tables -
both operationally, and sometimes legally. What are the ways that
people deal with those who are propagating such information, when they
don't cooperate, and particularly when they don't cooperate
intentionally? What recourse comes into the picture?
CERT comes to mind. So does the CFAA (Computer Fraud and Abuse Act).
But what about general principles for institutional response?
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra