Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private> The sky is falling! We're all going to die! No, it's not. No, we're not The latest "death of the net" rumour has to do with a recent paper that discusses the fact that something called "session hijacking" can be used to force an end to a specific connection (connected sessions over the Internet use an arrangement called TCP). If the session is ended or disconnected, you will be effectively denied the service you were attempting to obtain. Connected sessions are used for everything from transferring files to connecting to the Internet in special ways to virtual private networks. Sometimes they are used to transfer information between the machines that decide where Internet traffic goes (called routers). If the routers can't keep up to date, the Internet will not be as effective as it should be. So you will have heard that there is a new threat to the Internet, that it is a denial of service attack, that it can disconnect you from the net, that it can kill your sessions, that it affects the routers (and a router protocol called BGP), and that sessions can be hijacked. None of this is new. What is new is a paper that was originally presented in England, caught the attention of the media there, and has spread, kinda like a hoax virus warning, from media outlets to bandwagon jumpers in the security field and back to the media, around the world. Denial of service attacks are not new. Session hijacking is not new. Using TCP resets and session hijacking in combination has not been used in specific attacks before, but all the parts of this attack are well known to people who deal with such things. There are even ways to protect against this attack, and some institutions use them. So, rather than talking about the death of the net, and "The Man Who Saved the Internet": Net not dead, but was coughing up blood last night. Phlegm at 11. ====================== (quote inserted randomly by Pegasus Mailer) rslade@private slade@private rslade@private Being in politics is like being a football coach. You have to be smart enough to understand the game and dumb enough to think it's important. http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Fri Apr 23 2004 - 03:55:58 PDT