Forwarded from: Bill Scherr IV <bschnzlat_private>

On 31 Jul 2002 at 2:08, InfoSec News wrote:

> Forwarded from: Darren Reed <darrenrat_private>
>
> In some email I received from InfoSec News, sie wrote:
> > http://www.wired.com/news/technology/0,1282,54040,00.html
> [...]
> > Using their undetected toehold in Akamai's network, last year some of
> > the group's members contemplated a massive, distributed
> > denial-of-service (DDoS) attack on the Internet's 13 domain-name root
> > servers, according to a source close to Fluffy Bunny.
> > [...]
>
> One thing you've got to realise is that in doing this it would also
> "kill the Internet" for this group of hackers.

Hitting the ROOT domain name servers would only kill name resolution. IP addresses and BGP would still work! Packets would still get from one place to another. Attacks could still be launched based on previously gathered lists. Are we prepared to investigate without the DNS system?

> Hacking into web sites may be fun, as with causing specific web sites
> problems with their web servers but if your attack makes your play
> thing next to useless to yourself, well what's the point of that?
> It's not like they can just throw it away and get a new one.
>
> Unfortunately I doubt this was a concern of those involved...
>
> Darren

Proper administration dictates that backups be made and stored in accordance with well thought out and tested procedures. No, we can't just replace it, but we can reboot it and we can determine what each machine is doing! The proper response here would be a) trace the attack (a HUGE job, requiring HUGE cooperation), and b) restore from backup....

IF the fuzzy boys have a toehold in Akamai, who else has a hold there? Has the vulnerability been addressed?

Whether or not the kids were concerned about their "plaything" is irrelevant. What is relevant is are we prepared to saddle and ride this monster we have created!!! IMHO, it is well within our potential!!!

> -
> ISN is currently hosted by Attrition.org
>
> To unsubscribe email majordomoat_private with 'unsubscribe isn'
> in the BODY of the mail.

Bill Scherr IV, GSEC, GCIA
EWA / Information & Infrastructure Technologies
Camp Johnson, Vermont 05446
(802) 338-3213

This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 06:42:57 PDT