Hiya,

On 09/05/2019 01:04, Joe Touch wrote:
>
> If you think you can manage the flood by inferring it was an attack,
> all you will accomplish is not protecting yourself from an
> accidental flood.

That seems to make no sense at all to me.

I doubt anyone thinks they can manage DoS attacks by just "inferring." If they do, they deserve all they get :-)

If someone deploys sensible countermeasures for that kind of attack then I don't know of accidental behaviours that'd not be as well handled by those. Or can you quote a concrete example of such?

But perhaps there's no need really - it could be that you are disagreeing with an argument that's not been made.

The argument I have seen made, and have made myself, is that for a given attack behaviour, a network device cannot sensibly allow/ignore some such events whilst protecting against others since, at a given moment from a given vantage point, it can't tell which is "ok" and which not. So since those aren't distinguishable, no matter what you think of what potential attackers, we ought treat the behaviour as an attack. There have btw been people who have argued that "it's ok that it's us breaking into those systems as we are the good guys - you techies should let us in and keep everyone else out."

So the "indistinguishable" argument I've seen used does not seem to be the argument with which you're disagreeing.

I also don't recall that argument being used in the context of deliberate vs. accidental threats myself. The context is rather deliberate attack vs. "deliberate attack but supposedly ok because we're on the same side." There really is no way that GCHQ's attacks on Belgacom could have been construed as a set of accidental events ;-)

Cheers,
S.