Internet Providers Band Together to Fight Evil
toadlife writes "A group of prominent Internet providers are teaming up with security vendor Arbor Networks to form the Fingerprint Sharing Alliance. Through the use of Arbor Networks' Peakflow SP internet appliance (which is an OpenBSD box with some secret sauce mixed in), members of the alliance can share internet threat information with each other in real time. It sounds a bit like Razor, doesn't it?"
How about: "It sounds a bit like SkyNet, doesn't it?"
Yeah, great, because we all know that AOL, MSN and Google are pure in heart epitomes of goodness.
DDOS attacks? BitTorrent traffic? Spam email? Slashdotting? Seems a bit too vague to be good.
If the cat can't experience its own death, nothing will ever kill you. (No, really!)
From TFA: Arbor Networks added the Fingerprint sharing capability to Peakflow SP to allow companies to share attack fingerprints automatically without revealing any competitive information.
The notion of "Fingerprints" is interesting, I wonder if this will really stop the spammers and other cyber-criminals.
As for revealing competitive information, I don't care about revealing anything these bastards could have; you know, they keep pissing people off, so why have any consideration?
Ubuntu is an African word meaning 'I can't configure Debian'
I've always thought that seeing the world after the nuclear apocalypse done by Skynet would be cool. Post-nuclear winter. Here I come!
This all seems too vague to work, a box that could be exploitable reporting "evil" acts to others, there's something missing here.
I can't see this working unless they make it more secure, and define what "evil" is.
Business Voyeur
Will they all be wearing spandex bodysuits and flowing capes to work?
OK, when I first read this, I had images of a bunch of guys in orange suits bursting into people's houses and installing Firefox and anti-spyware software on Windows machines, then just before diving out the window shouting "All in a day's work, Ma'am"
, which has been around for a good while. I have been amazed how many ISPs are actually doing very little about it. I have my theories why some do so little (pay per bandwidth is becoming rather popular these days), though most are not like this.
After reading the story though, I must say "About fragleing time"
As the submitter mentioned Razor
The sooner ISPs take a proactive (shudder, jargon word) stand against offenders and start to disallow the traffic or manage problems (I'm aware many people are victims, but this gives them an alert that they have an infected PC), the sooner we can start to enjoy our times online without fear of spam or fear that our servers will be DDoS'ed into the ground.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
"members of the alliance can share internet threat information with each other in real time"
That and some sweet downloads.
GET FREE APPLE STUFF!
Looks great and all, but according to one of those screenshots, a lot of the ICMP packets are coming from 172.x.x.x addresses. I asked my ISP if they could dish me out a few of these once a while back, but they kept on declining every time I asked. What gives?
Also, they say this bad boy runs on OpenBSD. Where can I download my copy?
The best example for collaborative evil fighting is www.barracudanetworks.com
This is my sig. There are thousands more, but this one is mine.
Powerful is he who overpowers his temptations.
... they implement the evil bit?
The Tao of math: The numbers you can count are not the real numbers.
A group of prominent Internet providers :\
Not after we slashdotted them
Shouldn't these so called "Internet providers" cope with a small increase in traffic?
RIAA and MPAA Team Together to Create Kryptonite would be my guess.
This could be the greatest comic book. Ever.
Initiatives such as this one are part of a move toward an internet immune system -- active systems that watch for and halt undesirable activities. But like the mammalian immune system, it will doubtless be subject to false positives. This raises the potential for auto-immune diseases such as when someone's IP is inappropriately blacklisted.
The core of the problem will be a disconnect between the fast response time required for properly halting fast-spreading malware (e.g., a compact worm that attacks even just 1% of hosts will probably double its infected base every second and saturate the entire net within a minute) and the slower response times of human-mediated due-process procedures. The need to quickly halt infections will lead to a hair-trigger system that may shut down innocent hosts or kill legitimate activity.
Internet auto-immune diseases are potentially quite serious as they actually create a serious new vulnerability. Criminals could try to trigger an immune response on a target and trigger an immunity-DOS response on the target by using the system against itself.
Two wrongs don't make a right, but three lefts do.
Is it just Engrish or something? What amount of spam propagation is necessary? Can't the last two words there just be dropped?
You don't know how secure it is now, how the hell do you know it needs to be made more secure? It is an OpenBSD box, and I really doubt they are running a lot of public services on them.
Finally the evil bit is going to be used! They start on Friday.
"It sounds a bit like Razor, doesn't it?"
Not even remotely, no.
Since they are the ones providing the pipes, they could really give a boost to the RFC 3514 a.k.a. Evil Bit for filtering out the unwanted packets ...
"Internet Providers Band Together to Fight Evil"
I wonder what their special powers will be. I know BT's agreement with ET will enable it to fly bicycles and heal sick things with a glowing finger, but what about the others?
(Sorry American people etc. You probably haven't seen the adverts.)
Philip
Signatures are broken
OK, Peakflow SP tracks and reports on network flows and the associated data gleaned from a flow such as src/dst IP addresses and ports, bytes transferred, duration of flow, etc. It doesn't capture packet data (though you can do that on a limited basis). A flow is a unique network transaction that starts with the first packet from a source to a destination and ends with either a time-out (no packet sent) or, in the case of TCP, a close sequence (RST, FIN).
/. effect might trigger a DoS alert, but someone has to go investigate the cause. Besides, how many sites get /.ed on a daily basis? But in general, flash traffic would be seen.
What is interesting about this is that traffic like DoS/DDoS attacks and port scans have unique network fingerprints. For example, a DDoS attack is a large amount of traffic to a single source, often without any return traffic. That is unusual. Sure, the
What this means for service providers, hopefully, is that they can more quickly respond to attacks and improve the general health of the networks they manage by locating the source of the malicious traffic more quickly.
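An added illustration of the flow-fingerprint idea in the comment above (not the commenter's code and not how Peakflow SP works internally): it aggregates flow records and flags hosts that receive traffic from many sources with almost no return traffic, plus sources that touch many ports on one host. The `Flow` fields, function names, thresholds and sample records are all assumptions constructed for this example.

```python
from collections import defaultdict, namedtuple

# One record per flow, with fields the comment lists (addresses, port, bytes).
Flow = namedtuple("Flow", "src dst dport nbytes")

def ddos_candidates(flows, min_sources=50, max_return_ratio=0.05):
    """Hosts receiving traffic from many sources while sending almost nothing back."""
    sources = defaultdict(set)   # dst -> distinct source addresses
    inbound = defaultdict(int)   # dst -> bytes received
    outbound = defaultdict(int)  # src -> bytes sent
    for f in flows:
        sources[f.dst].add(f.src)
        inbound[f.dst] += f.nbytes
        outbound[f.src] += f.nbytes
    hits = []
    for host, srcs in sources.items():
        ratio = outbound[host] / inbound[host] if inbound[host] else 0.0
        if len(srcs) >= min_sources and ratio <= max_return_ratio:
            hits.append(host)
    return sorted(hits)

def scan_candidates(flows, min_ports=20):
    """(src, dst) pairs where one source touched many distinct destination ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return sorted(pair for pair, p in ports.items() if len(p) >= min_ports)

def sample_flows():
    """Constructed sample data using documentation address ranges (RFC 5737)."""
    flows = []
    # Normal web traffic: a request and a larger response.
    flows.append(Flow("198.51.100.7", "192.0.2.10", 80, 600))
    flows.append(Flow("192.0.2.10", "198.51.100.7", 51000, 48000))
    # Flood-like pattern: 200 sources, one target, no replies.
    for i in range(200):
        flows.append(Flow(f"203.0.113.{i}", "192.0.2.20", 80, 1500))
    # Scan-like pattern: one source, 30 ports on one host, tiny flows.
    for port in range(1, 31):
        flows.append(Flow("198.51.100.99", "192.0.2.30", port, 40))
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    print("DDoS-like:", ddos_candidates(flows))
    print("scan-like:", scan_candidates(flows))
```

A flash crowd looks similar on source count but produces return traffic, which is why the return ratio is part of the check.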
Subject says it all, and it's pretty much all I want, an automated system whereby if I say I don't want to receive ICMP messages for the next hour, my ISP firewalls them off.
A similar system could be employed by the ISP to inform the backbone to stop sending them specific types of packet for a while, and maybe evolved so that backbones can tell large ISPs to filter some of their customers from sending packets at a specific target.
Well, there you have it. The Fingerprint Sharing Alliance has been ./ed, and they are hosed. I guess that proves we really need it.
Maybe they should change the name of the organization to the Civic Minded-18. Of course their battle cry is going to have to be, "Let's Make A Difference!"
First of all, some more details about this project can be found here.
There is nothing new about the idea, in fact, it's long overdue. There is however something new in the idea having a practical implementation. The problem so far was that various network operators use very different hardware and software to monitor their networks (if at all..), thus, the idea of a 'fingerprint' may vary. Sharing becomes difficult.
By standardizing on one platform (Arbor Networks PeakFlow SP), this becomes possible. All operators have the same device, which, coupled with this functionality, can finally bring this idea to life.
PeakFlow SP are Intel/OpenBSD boxes with additional Arbor software. They do however retail for 120,000$ per collector unit, and a collector unit can only process data from up to 5 devices (usually routers which export NetFlow formatted data). This is quite a steep entrance fee to pay for the pleasure; and many of the smaller players will never be able to afford this.
In fact, it's all not much more than clever marketing for overpriced Arbor devices; without the initiative, you can easily look toward other products (Cisco GuardXT, ex-Riverhead, many others). With the initiative, you now have a bit more of a reason to send $120,000 to Arbor.
Expect every security vendor to have a similar central fingerprinting repository soon. Non-compatible with one another, of course.
the worrying bit is the "revenue-generating service" of identifying and stopping DDOS mentioned in the ManagedServices bit of the website
it's like, either pay the bad dewds to not dos you or pay your telco to stop it happening when it does
http://netsquid.tamu.edu/
Lay off him. He's going through a messy divorce and his mind isn't exactly on his work.
These people have lives outside of slashdot, you know.
I notice no AOL on this list. The single largest provider of drone machines for botnets. You'd think they'd want in on something like this.
For every annoying Gentoo user, there are three even more annoying anti-Gentoo crybabies. Take Yosh from #Gimp for example.
When I read "Internet Providers Band Together to Fight Evil" for some reason I had the mental image of a bunch of kids with the names of major ISPs written on their T-shirts running around with rings containing the power of broadband, low latency etc.
Whenever the evil Doctor Congestion and Señor Spam try to take over the 'Net they come together to summon Captain Internet who saves the day and educates us about how to use up less bandwidth.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
If they would but do it this coalition could expand their concern to the detection and prevention of zombie spam (that is, abuse of systems within each provider's IP space as zombies) they could begin the process of eliminating spam. Not dealing with spam, eliminating spam. It's long past time for that.
The great unexploited opportunity for eliminating spam is at the intermediate level (that is, ahead of the destination server for the spam.) If they had been implemented in sufficient numbers at the appropriate time (with "sufficient numbers" being below 1% of all IP addresses) open relay and open proxy honeypots could have eliminated spam - before the spammers had a chance to advance to zombies.
The great anti-spam opportunity is still at the intermediate level (where distinguishing spam from valid email isn't necessary - no valid email follows the path spam takes.) At the intermediate level anti-spam actions can easily be 100% effective, 100% accurate. No spam delivered, no valid email (of which there is none using that path) wrongly stopped.
All it would take would be for ISPs and others to detect the abuse and then act against it - in all the ways they can or in all the ways they choose (some, for instance, might cling to the "only blocking is good" philosophy. OK, let them only block - it still is productive, even though it's way less so than interception, since the spammers can simply choose another abuse path when they experience blocking. For interception the spammers first need to learn that the spam is being intercepted. It's always good to make life harder for the spammers, to add to their burden.)
(goofy tech looking at LAN Monitor) What's that on the LAN ?
Is it a torrent packet ?
Is it a ping ?
No... it's ISP man !!!!
I just hope they wear good tights. Superheroes need good tights.
Sky subscribers are morons. They pay to be advertised at !
I'm glad the likes of Verizon and MCI will be attempting to save me from the evil-doers.
You cleave to the muzzle of a bunch of fat enveloping whales.
The ankle is the time to kill. Dont forget to stab you in your general direction. I dislike it because you have any cocane?
What the fuck are you fucking talking about but cannot recall what i have a very easy job. The kind robots will be ddos'ed into the ground.
I wish it sounded more like DCC, which is vastly superior.
... I thought for a minute maybe everyone was going to gang up on SCO.
Will they all be wearing spandex bodysuits and flowing capes to work?
Oh god, please... NO. I have this delicate image of a 300 pound sysadmin with greasy hair and beard wearing what you described. For some reason, I have now completely lost my appetite...
"These people have lives outside of slashdot, you know."
Would that I could mod this +10 Insightful and put it up in 40-point flashing type.
Ignorance is curable, stupid is forever.
Until every provider (or at least a significant number of them) starts using new standards, and particularly for e-mail. Spam via e-mail is one of the biggest problems today, and it is all because of an extremely inadequate e-mail standard. In my opinion, this is where it should all begin. Is that one of the goals clearly stated by this "alliance"?
This seems fine if it is only done at your request. But with the system in place, isn't there a central authority that can turn things on and off at their own whim? When I first read about this, it seemed more like a "Great Firewall of China" controlled by American corporations. I hope I am mistaken.
Or, at the very least, a good attention grabbing headline for a /. story. :)
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
TAACS is an open-source system for doing very similar (automatically responding to threats) being put together by a student at the University of Texas - Pan American.
http://taacs.python-hosting.com
this is all about beating DDoS which is more important to ISPs wanting to protect their precious bandwidth and high profile customers...
Why is everyone talking about spam??
This is a wonderful idea, long overdue but also a blatant marketing scheme to do something good but only give you the choice of buying product X to do so..
the joys of capitalism
Greg M
This is why idiots shouldn't be let near computers...
foam-formation of all materials, EVEN POPULATION, is the worst of all. maybe that killed god!
http://www.forescout.com/activescout.html
~hylas