RE: Blitzkrieg Server -- For Real?!

From: Catherine Francis (cfrancisat_private)
Date: Mon May 11 1998 - 07:35:21 PDT


    This article has been the source of a certain amount of speculation and 
    amusement here.  The general feeling, as summed up by one of our 
    to be honest, it reads like the drivel that New Agers spout about their 
    version of Gaia: lots of anthropomorphisms, veiled allusions to some 
    gestalt formed by the intensive interaction of distributed sub-entities, 
    and all that.

    Personally, I believe not a single word.

    What I will believe they have is a traffic monitor, sifting through 
    conversations and matching patterns. Three days' advance warning? Hogwash. 
    What they probably got was the slow start of the attack -- it was just the 
    well-known land2, by the way -- so the filters were in place when the main 
    attack came. CIA claims it's dangerous? If it were they would quietly study 
    it (besides, the NSA would be a more likely agency to get involved), not 
    spout militaristic drivel.

    It was amusing to read that the "Blitzkrieg virtual machine" is "subsuming 
    and taking over" NT. I cannot conceive of any situation where this 
    statement might be true, unless "Blitzkrieg" is a human or machine 
    intelligence ... and they most emphatically don't have a sentient being 
    locked up in an NT box.

    Also, check out the buzzword quotient: lots of martial background music, a 
    high incidence of vague-but-nice-sounding words, and the whole thing reads 
    as if the shop spouting it was the last defense of the Free United States 
    against the Communist Onslaught or the Yellow Peril.

    Finally, a minor item which totally and absolutely discredits the entire 
    load of bull crap: The land2 attack they refer to was done using spoofed 
    source IP addresses. Unless _every_ router from the attacker keeps a 
    complete traffic log, _including_ the port/line from which a particular 
    packet was received, it is not possible to trace such a spoof back after 
    the fact. (It is extremely hard to do _while_ it is happening; compare to 
    an old-style phone trace, looking at relays and calling the next exchange 
    up the line.) For MAE-West alone, such a log would be around one gigabyte 
    *per*second*! Of course, the product could have "invaded, reintegrated and 
    subsumed" the entire routing chain upstream towards the attacker to locate 
    the source -- which would mean that Blitzkrieg is, on the fly, able to 
    generate and upload replacement OSes for a myriad of special-purpose 
    processors in a myriad of configs from Cisco, Bay Networks, and so on. 
    (Note -- Cisco products require a command from a privileged console before 
    even thinking about loading a new OS file.) And all that without disturbing 
    normal operations or alerting the NOC duty engineers to the fact that their 
    routers were taken over ...

    To summarize: A sales spiel or an outright hoax.

    Catherine Francis
    Research & Development Coordinator
    (212) 348-8900
    Intrusion Detection, Inc.
    A Security Dynamics Company
    Makers of the Kane Security Analyst and Kane Security Monitor,
    tools to ensure the overall security of your network

    Reply To:
    Sent: 	Wednesday, May 06, 1998 6:59 PM
    To: 	firewall-wizardsat_private
    Subject: 	Blitzkrieg Server -- For Real?!

         Hello Wizards,
         Came across these links on CNN and the May98 issue of Signal Magazine.
         or the vendor's site
         Article describes new technology developed by a Quantum Physics
         theorist. It's called the Blitzkrieg Server, and seems to be a highly
         advanced AI engine and counter-attack engine for network security.
         The counter-attack supposedly virally infects the entire network that a 
         hacker originates from.....somehow.  Seems to have sparked some
         interest from the CIA and such.
         Anyone else heard of this? Seems like pure hype based on fiction to
         me....Is this pure marketing smoke, or is there some sort of unreal
         counter-attack technology bundled into this product?
         Anton Rager

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:02 PDT