Re: [iwar] news

From: Tony Bartoletti (azb@llnl.gov)
Date: 2001-06-04 11:37:00



At 09:40 PM 6/2/01 -0700, Fred Posted:

>DoS attacks: No remedy in sight
>Denial-of-service attacks are becoming
>more common and, in many cases, more serious, security experts said in
>the wake of an attack on the Internet's main warning system for security
>threats.  An unknown attacker last week hit the Computer Emergency
>Response Team (CERT) Coordination Center, an important agency for
>passing information on the latest vulnerabilities in computer systems
>among security experts.  The denial-of-service attack flooded the
>center's Web site with data requests and made the site--and its crucial
>security advisories--almost impossible to access for more than 24 hours.
>"While there are other agencies out there providing similar services to
>CERT, what if it had been a more sensitive system or one we had more
>dependence on?" said Stefan Savage, a professor of computer science at
>the University of California, San Diego, and co-founder of security
>company Asta Networks.
>http://www.zdnet.com/zdnn/stories/news/0,4586,5092020,00.html
>http://news.cnet.com/news/0-1003-200-6158264.html
>[FC - of course this is not right - we know how to stop DoS attacks - it's
>just not in the best financial interest of those being attacked.]

Fred, could you elaborate just a bit, both on the "how" and the "financial 
interest" parts?

In Steve Gibson's page on the GRC DOS attack (see 
http://grc.com/dos/grcdos.htm) it is argued that, unlike the network 
"stack" provided by most Unix vendors, which has always given the user full 
access (including the ability to create malformed and false-addressed 
packets), Microsoft Win* has always shipped a "crippled" stack that denied 
these features, resulting in what Gibson refers to as "attacks that are 
prone to filtering." However, he warns that they are changing course with 
Win-2000 and XP.

Is the intent to expand the individual's ability to "create protocol"?

To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks.

___tony___



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900




