Re: Recent Attacks

From: Frank L. Heidt (heidtfat_private)
Date: Wed Feb 16 2000 - 15:10:06 PST


    Without belaboring the obvious, the apparent objective of the recent DDoS
    attack was vandalism writ large. The code in question was not 'great' per se,
    in actuality it's extraordinarily obvious. No clever exploitation of subtle
    interactions in IP, no earth shaking revelations of basic flaws (the flaws
    are very well known). Just a plain vanilla DOS written as a client/server app,
    with some obnoxious randomization in the various header fields of the
    generated packets.
    
    <Conjecture>
    
    I 'know' (read- think) that the wake up call has successfully been delivered.
    These attacks didn't just evaporate, they stopped. I don't think the folks who
    released the packet storm had a stunning moral conversion. Rather, it is my
    conjecture that a few major '.net's are no longer forwarding traffic with
    non-routable or spoofed addresses from boundary routers. Just a thought.
    
    </Conjecture>
    
    IMHO, anyone who knowingly allows traffic out of their ASes with spoofed
    address information is guilty of, at the very least, bad manners. And now,
    after Mixter's 'experiment' has been activated, maybe something much worse. We
    do after all live in a litigious society.
    
    As to why the perpetrators didn't go after the root servers: besides technical
    details, one sentence: Wizards don't let children play in the tower
    unsupervised. ;-)
    
    
    "Starkey, Kyle" wrote:
    
    > I don't believe that this was the total objective.  I believe (and this is
    > only conjecture) that their point was the actual vulnerability itself.  The
    > DoS and the newly created DDos attacks are VERY simple to use and widely
    > available.  I think the point was "Hey, check out this great piece of code
    > that is really easy to use and the MAJOR players on the internet are still
    > vulnerable."  I am hoping it was more of a wake up call than it was
    > malicious, but who knows.
    >
    > -Kyle
    > Information Security
    > MSDW Online
    >
    > From: hndat_private [mailto:hndat_private]
    >
    > ...If these hackers really do want to create massive scale
    > problems why not hack the root servers?!!!!!!!  This will bring down the
    > whole internet.
    


