Security Research At the Hague, Netherlands: Mobile Network and Internet Threats

MojoKid writes: The Hague Security Delta (HSD) is the official title of a collaborative effort between Netherlands businesses, their federal government and multiple research institutions, to identify emerging security threats, share best practices, and foster collaboration between industry, governments, and universities. One of the most pressing issues they're tackling is that of mobile network and internet security. One point that the Netherlands' officials made repeatedly is that the country is essentially the "digital gateway" to Europe. This might seem like hubris but once you look at the arrangement of undersea cables between the U.S. and Europe, it makes a lot more sense. The Netherlands is far from the only transatlantic connection hub between the U.S. and Europe, but it certainly accounts for a significant chunk of total cable capacity. One of the brainchildren of the HSD is the creation of what it calls the "Trusted Networks Initiative" that would allow direct denial of service attacks originating from specific countries to be cut off. By creating a network "bridge" that can be raised and lowered, the idea is that content and visitors can be cleanly isolated from the bad actors launching an attack. There's an intrinsic assumption here — specifically, the idea that attackers are gathered into a group of systems that can cleanly be split from the so-called "trusted" networks that would continue to operate. It is however, an interesting concept to thwart broad-scale DDoS attacks.

Security Researcher == Hackers.

[Frosty+Piss]

Security Researcher == Hackers.

Here's an idea

[NoNonAlphaCharsHere]

Haven't the Chinese done some prior research in this area?

were all doomed

eventually all packets traveling across the internet as we know it will require identification signatures so ownership of the packet can be authenticated, packets without identification signatures will not be allowed to transit the network.

Collective punishment of DoS for DDoS

On a network with a bot net controlled DDoS participant? Enjoy getting your access to the US internet DOSed by our new anti-DDoS centralized Dos system! Now enabling entire parts of the internet to be disconnected by capturing a single computer on them!

Don't forget NSA

Even before the Chinese, the Ruskies, even the Martians, NSA has been there

They are there before anyone, they have backdoors in all kinds of communication devices, from Cisco big irons down to our household wifi modem, if there is anything that can be cracked/hacked, be sure NSA knows how to ply it open, remotely

For example, the Internet stoppage for North Korea --- even when the Net feed for NK goes through China, NSA was the one who blocked it

Either the communication equipments in China have already been hacked by NSA, with pre-installed backdoors, or NSA knows exactly which cable feeds in to NK, which is not

Broad-scale DDoS attacks ..

[lippydude]

"One of the brainchildren of the HSD is the creation of what it calls the "Trusted Networks Initiative" that would allow direct denial of service attacks originating from specific countries to be cut off."

How about asking people to switch off their Windows desktop computers?

Re:Broad-scale DDoS attacks ..

Or just kill the connection of infected machines at the ISP. It might ever increase awareness.

Let Me Decide; After All

[BoRegardless]

I can probably do better than Obama & FBI blaming N. Korea in the last few weeks.

VERY GOOD... apk

"Or just kill the connection of infected machines at the ISP. It might ever increase awareness." - Anonymous Coward on Wednesday December 31, 2014 @06:41AM (#48703609)

See subject-line: That's one of the BEST (& most sensible + practical) approaches suggested here imo...

NOW: As to what you CAN do vs. MANY TYPES of DDoS/DoS? Right here, listed (for Microsoft servers mostly, though there ARE some measures that'd apply to *NIX boxes also) -> http://games.slashdot.org/comm...

(I.E.-> It shows the parameters to use vs. "1/2 open connections" that aren't responding, or rather, CAPABLE of responding due to IP address spoofs etc., & turns them off as you see fit based on the parameters you set).

I agree with you TOTALLY though - great idea: Cut the infected/infested boxes off, the owners WILL call the ISP once their service is interrupted, & they can be cleaned up @ that point, removing infestation that makes them DDoS "zombies"...

APK

P.S.=> Of course there's ALSO DNS DDoS - & until DNS itself is fixed vs. it, the ONLY way I could think of (+ create a tool that protects you vs. bushwhacked DNS by avoiding it for your favorite sites you spend MOST of your time @ online) was this -> APK Hosts File Engine 9.0++ 32/64-bit http://start64.com/index.php?o... which a NICE part of "hardcoding" your fav sites not only protects you vs. DNS being downed or redirect poisoned (which 99.999% of ISP dns are NOT patched vs. the kaminsky flaw), but, also speeds you up, by resolving host-domain names to their IP address locally, cached in memory, faster than remote DNS resolutions too (double-bonus) - enjoy (it works, & to quote Howard Stark from the film "Captain America"? Well, hey: "It's stronger than steel, & a third the weight" of other "so-called 'solutions'"...)

... apk

Re:VERY GOOD... apk

[lippydude]

I see I've been honoured by the slashdot troll in residence :)

This is What This Topic Needs

More Yiiippeeee posts!!!

I'm no troll...apk

See my subject-line above, & the post was by a fellow ac like myself, lippydude (not you).

APK

P.S.=> Are you on topic? No. Are you giving me guff?? Yes - Guess what: They BOTH make YOU, the "troll" here, not I... apk