The attacks on Estonia by Russians (or Russia?)

people have been wondering why i’ve been keeping quiet on this issue, especially since i was right there helping out.

a lot of people had information to share and emotions to get out of the way. also, it was really not my place reply on this – with all the work done by the estonians, my contributions were secondary. mr. alexander harrowell discussed this with me off mailing lists, and our discussions are public on his blog. information from bill woodcock on nanog was also sound.

as to what actually happened over there, more information should become available soon and i will send it here. i keep getting stuck when trying to write the post-mortem and attack/defense analysis as i keep hitting a stone wall i did not expect: strategy. suggestions for the future is also a part of that document, so i will speed it up with a more down-to-earth technical analysis (which is what i promised cert-ee).

in the past i’ve been able to consider information warfare as a part of a larger strategy, utilizing it as a weapon. i was able to think of impact and tools, not to mention (mostly) disconnected attacks and defenses.

i keep seeing strategy for the use in information warfare battles as i write this document on what happened in estonia, and i believe i need more time to explore this against my previous take on the issue, as well as take a look at some classics such as clausewitz, as posh as
it may sound.

thanks,

gadi evron,
ge@beyondsecurity.com.

Share
  • Tom Miller

    Just caught this by accident, one thought: consider reading up on Boyd (decision loop stuff) as well as Clausewitz.

  • Craig Johnson

    I saw your presentation on this at DEFCON. Awesome. Good job on putting the hecklers in their place.

    I was curious about the network monitoring readout you showed on the slide. You said the DOS attacks started on the 27th but the readout showed Wed at midnight when the two short bursts of traffic started and midnight when the DOS started ramping up. This means it either started on the 25th of April or 9th of May. Could you tell me what date this took place (or was the equipment dates just off)? thank you and have a great weekend.

    Craig