Re: [ISN] Fluffy Bunny No Longer Energized

From: InfoSec News (isnat_private)
Date: Thu Aug 01 2002 - 03:35:12 PDT

Next message: InfoSec News: "[ISN] Security UPDATE, July 31, 2002"

Previous message: InfoSec News: "[ISN] Security czar points finger of blame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Bill Scherr IV <bschnzlat_private>

On 31 Jul 2002 at 2:08, InfoSec News wrote:

> Forwarded from: Darren Reed <darrenrat_private>
> 
> In some email I received from InfoSec News, sie wrote:
> > http://www.wired.com/news/technology/0,1282,54040,00.html
> [...]
> > Using their undetected toehold in Akamai's network, last year some of
> > the group's members contemplated a massive, distributed
> > denial-of-service (DDoS) attack on the Internet's 13 domain-name root
> > servers, according to a source close to Fluffy Bunny.
> 
> [...]
> 
> One thing you've got to realise is that in doing this it would also
> "kill the Internet" for this group of hackers.

Hitting the ROOT domain name servers would only kill name resolution.  
IP addresses and BGP would still work!  Packets would still get from
one place to another.  Attacks could still be launched based on
previously gathered lists.  Are we prepared to investigate without the
DNS system?

> Hacking into web sites maybe fun, as with causing specific web sites
> problems with their web servers but if your attack makes your play
> thing next to useless to yourself, well what's the point of that ?
> It's not like they can just throw it away and get a new one.
> 
> Unfortunately I doubt this was a concern of those involved...
> 
> Darren

Proper administration dictates that backups be made and stored in
accordance with well thought out and tested procedures.  No we can't
just replace it, but we can reboot it and we can determine what each
machine is doing!  The proper response here would be a)  trace the
attack (a HUGE job, requiring HUGE cooperation), and b) restore from
backup....

IF the fuzzy boys have a toehold in akamai, who else has a hold there?  
Has the vulnerability been addressed?  Whether or not the kids were
concerned about their "plaything" is irrelavent.  What is relavent is
are we prepared to saddle and ride this monster we have created!!!  
IMHO, it is well within our potential!!!

> -
> ISN is currently hosted by Attrition.org
> 
> To unsubscribe email majordomoat_private with 'unsubscribe isn'
> in the BODY of the mail.

Bill Scherr IV, GSEC, GCIA
EWA / Information & Infrastructure Technologies
Camp Johnson, Vermont 05446
(802) 338-3213

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Security UPDATE, July 31, 2002"
Previous message: InfoSec News: "[ISN] Security czar points finger of blame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 06:42:57 PDT