This article has been the source of a certain amount of speculation and amusement here. The general feeling, as summed up by one of our developers:

to be honest, it reads like the drivel that New Agers spout about their version of Gaia: lots of anthropomorphisms, veiled allusions to some gestalt formed by the intensive interaction of distributed sub-entities, and all that.

Personally, I believe not a single word. What I will believe they have is a traffic monitor, sifting through conversations and matching patterns. Three days' advance warning? Hogwash. What they probably got was the slow start of the attack -- it was just the well-known land2, by the way -- so the filters were in place when the main attack came. CIA claims it's dangerous? If it were they would quietly study it (besides, the NSA would be a more likely agency to get involved), not spout militaristic drivel.

It was amusing to read that the "Blitzkrieg virtual machine" is "subsuming and taking over" NT. I cannot conceive of any situation where this statement might be true, unless "Blitzkrieg" is a human or machine intelligence ... and they most emphatically don't have a sentient being locked up in an NT box.

Also, check out the buzzword quotient: lots of martial background music, a high incidence of vague-but-nice-sounding words, and the whole thing reads as if the shop spouting it was the last defense of the Free United States against the Communist Onslaught or the Yellow Peril.

Finally, a minor item which totally and absolutely discredits the entire load of bull crap: The land2 attack they refer to was done using spoofed source IP addresses. Unless _every_ router from the attacker keeps a complete traffic log, _including_ the port/line from which a particular packet was received, it is not possible to trace such a spoof back after the fact. (It is extremely hard to do _while_ it is happening; compare to an old-style phone trace, looking at relays and calling the next exchange up the line.)
For MAE-West alone, such a log would be around one gigabyte *per*second*!

Of course, the product could have "invaded, reintegrated and subsumed" the entire routing chain upstream towards the attacker to locate the source -- which would mean that Blitzkrieg is, on the fly, able to generate and upload replacement OSes for a myriad of special-purpose processors in a myriad of configs from Cisco, Bay Networks, and so on. (Note -- Cisco products require a command from a privileged console before even thinking about loading a new OS file.) And all that without disturbing normal operations or alerting the NOC duty engineers to the fact that their routers were taken over ...

To summarize: A sales spiel or an outright hoax.

Catherine Francis
Research & Development Coordinator
(212) 348-8900
cfrancisat_private
------------------------------------
Intrusion Detection, Inc.
A Security Dynamics Company
Makers of the Kane Security Analyst and Kane Security Monitor, tools to ensure the overall security of your network

----------
From: arager@McGraw-Hill.com[SMTP:arager@McGraw-Hill.com]
Reply To: arager@McGraw-Hill.com
Sent: Wednesday, May 06, 1998 6:59 PM
To: firewall-wizardsat_private
Subject: Blitzkrieg Server -- For Real?!

Hello Wizards,

Came across these links on CNN and the May98 issue of Signal Magazine. See: http://www.us.net/signal/CurrentIssue/May98/make-may.html or the vendor's site http://www.fvg.com/

Article describes new technology developed by a Quantum Physics theorist. It's called the Blitzkrieg Server, and seems to be a highly advanced AI engine and counter-attack engine for network security. The counter-attack supposedly virally infects the entire network that a hacker originates from.....somehow. Seems to have sparked some interest from the CIA and such.

Anyone else heard of this? Seems like pure hype based on fiction to me.... Is this pure marketing smoke, or is there some sort of unreal counter-attack technology bundled into this product?

Anton Rager
arager@McGraw-Hill.com