Re: Blitzkrieg Server -- For Real?!

From: Rick Smith (rick_smithat_private)
Date: Fri May 08 1998 - 13:52:34 PDT


At 5:59 PM -0500 5/6/98, wrote:
>     Came across these links on CNN and the May98 issue of Signal Magazine.
>     see:
>     Article describes new technology developed by a Quantum Physics
>     theorist. It's called the Blitzkrieg Server, and seems to be a highly
>     advanced AI engine and counter-attack engine for network security.
>     The counter-attack supposedly virally infects the entire network that a
>     hacker originates from.....somehow.  Seems to have sparked some
>     interest from the CIA and such.

It just goes to show that the CIA is diligently checking out *anything*
they can, no matter how silly it might look. And Signal should never be
confused with a refereed journal.

It is somewhat difficult to wade through the idiosyncratic terminology, but
it really doesn't look as if Blitzkrieg is doing anything unusual. You can
probably get comparable or better results with intrusion detection and
security systems produced by reputable vendors that use the same
terminology as everyone else.

It doesn't look to me as if the "viral infection" mechanism is used to
attack the hacker's network. Instead, it's an intentionally lurid term used
to describe how the system installs itself in the system being *protected*.
It "attacks the attackers" only by interfering with their activities on the
protected network. It doesn't reach out into outside networks to attack the
attackers -- such behavior is arguably illegal, anyway.

In plain geek-speak, it looks like the Blitzkrieg server sends kernel
patches to all the hosts within a network being protected. This produces a
distributed computing system comprised of all the hosts that contain these
patches. The overall system can monitor or control the security status of
individual "patched" hosts since the kernel patches provide access to host
security configuration and status. The patches interact with each other and
the server via "encrypted" data links. The patches themselves are evidently
"encrypted" whenever a given patch isn't operating (a property
of conventional "stealth" viruses). The patch software implements a "state
machine" that executes "variable length string transformation rules." These
rules are "self programmed," so we're probably looking at intrusion
detection based on behavior profiling.

I regret to declare that I see no magic here, no emerging machine
intelligence that will solve our security problems for us. This "quantum
physics theorist" hasn't repealed the laws of computation. The halting
problem looks safe for now, anyway.

Incidentally, the Web site contained *nothing* about Blitzkrieg.

But that's just talking about the basic technology claims. The article also
describes a Clancy-esque information warfare attack on the US by "Japanese
nationals" that happened some time "recently." Allegedly the attack was
predicted, specifically identified, and successfully battled back by the
Blitzkrieg system. It seems that this could be deconstructed into the story
of the recent NT attacks with various other things added for flavor, as
retold by Weekly World News.
