RE: [gnso-ff-pdp-may08] Cost of Delay - V1.o

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

I tend to agree with Dave.

I would like see data-driven quantification of the problems related to
criminal fast flux only -- not an estimate of percentage of online crime
overall.  An estimate of how many fluxing domains there are, and what kind
of activity is happening on them, would be very useful to quantify the
problem we are trying to solve.  Unfortunately I have not seen good figures
yet for those metrics, illustrated by the research coming in.

A few observations:
* Most fast-flux domains I see are not selling counterfeit goods or pirated
software, so I have no idea whether they are valid categories to count
equally.  
* The ASProx example is very interesting as it has direct bearing on our
ambit.
*  I'm not aware that all Rock phishing is conducted on fast-flux networks.


All best,
--Greg




-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Mike O'Connor
Sent: Friday, August 01, 2008 9:00 AM
To: Dave Piscitello; fast Flux Workgroup
Subject: Re: [gnso-ff-pdp-may08] Cost of Delay - V1.o


Oops, missed this one.  Sorry about the sluggish reply.

I am a complete nutcase about rooting out WIFMs (What's In It for ME) 
in projects like this.  View this kind of analysis as "aspiration" 
rather than "promise."   It's a goal -- to explain to the 
stakeholders *why* they are working on this, rather than *what* we're 
going to deliver.

So the numbers are always best cloaked with lots of disclaimers, and 
they should always be really conservative.  I think I've shaved the 
impact on cost down to a really small number.  a subset of total 
costs, times 5% impact, times 50% effectiveness, times 10% 
conservatism-correction yields a .25% reduction in the overall 
problem (a 1 in 400 impact) -- not quite in the Glorious Ultimate 
Solution category.  And who knows, we might do better -- what with 
spillover effects and so forth.

I agree with you Dave -- we technologists have a history of 
over-promising.  Credible proposals are really important, but it's 
also really important to have a goal and rationale out there for 
people to aspire to.  This will be hard work -- it's nice to have a 
good reason to do it.

At 09:59 AM 7/31/2008, Dave Piscitello wrote:
>Let's be careful what we claim here.
>
>I don't think we can claim that solving fast flux" mitigates these
problems.
>
>I think we can make a case that taking action to meaningfully reduce 
>any of these costs is desirable, warranted and necessary.
>
>Measures we agree to recommend could contribute to reducing cost. 
>They could also incent the motivated bad actors to find alternative 
>means and opportunities. Both are likely outcomes.
>
>Both are also desirable outcomes.
>
>I'd prefer a tempered interpretation of these stats over one that 
>suggests we are about to deliver a Glorious Ultimate Solution to e-crime.
>
>
>On 7/31/08 10:28 AM, "Mike O'Connor" <mike@xxxxxxxxxx> wrote:
>
>
>
>Ok, here's a back of the envelope story to tell...
>
>1) Taking Joe's references, so far we get a SWAG annual cost of
>attacks of around $500 billion...
>
>Estimate (annual $'s, billions)
>
>Software piracy                 $ 48
>Counterfeit drug sales          $ 75
>Counterfeit goods               $ 200
>Illegal gambling                ---
>Child exploitation              ---
>Slavery                         ---
>Cost of fighting spam           $ 140
>Malware                         $ 13
>
>Total                           $ 476
>
>2) Presume a proportion of those attacks that can be stopped by
>eliminating Fast Flux -- let's use a SWAG of 5%
>
>3) Presume that our proposed actions aren't 100% effective at
>eliminating Fast Flux -- let's use a SWAG 50% effectiveness
>
>4) Then our hypothetical solutions could reduce the annual cost of
>harms by about $12 billion a year ($500b * 50% * 5%)
>
>5) And thus the monthly cost of delay (missed opportunity to save
>that money) is $1 billion.
>
>6) Sure, the numbers need to be firmed up.  Let's say my guesses are
>optimistic by a factor of 10, just to correct for that (and inject a
>proper bean-counter conservatism into the analysis).  So the cost of
>delay is $100,000,000/month.
>
>7) Assume 160 work-hours in a month (I know, hardly any of us only
>work 40 hours a week, but bear with me)
>
>Based on all that, every HOUR we don't solve this costs stakeholders
>$625,000 in lost opportunity to reduce costs.
>
>But wait...  There's more.
>
>Benefits can come from more than cost-reduction.  Most of the time,
>when I am hunting for things to justify a project I look for things
>that fit on the following list;
>
>- Increase revenue
>- Improve quality
>- Reduce response-time
>- Reduce costs
>
>Note that "reduce costs" is at the bottom of the list -- on
>purpose.  Cost-reduction is historically over-promised and
>under-delivered.  Besides, it is a lot more fun to do the other things.
>
>What do you think of the story so far?  Should we kick off threads to
>try to identify the ways that our efforts to curtail Fast Flux could;
>increase revenue, improve quality and/or reduce response-time for
>stakeholders?  I bet those would increase the cost of delay (missed
>opportunity to benefit).
>
>m
>
>
>voice: 651-647-6109
>fax: 866-280-2356
>
>web: www.haven2.com
>
>
>
>
>
>
>
>
>No virus found in this incoming message.
>Checked by AVG - http://www.avg.com
>Version: 8.0.138 / Virus Database: 270.5.7/1581 - Release Date: 
>7/30/2008 6:56 AM