Return-Path: <sentto-279987-1287-991679458-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 11:31:07 -0700 (PDT) Received: (qmail 30745 invoked by uid 510); 4 Jun 2001 17:31:46 -0000 Received: from ci.egroups.com (64.211.240.235) by 204.181.12.215 with SMTP; 4 Jun 2001 17:31:46 -0000 X-eGroups-Return: sentto-279987-1287-991679458-fc=all.net@returns.onelist.com Received: from [10.1.4.56] by ci.egroups.com with NNFMP; 04 Jun 2001 18:30:58 -0000 X-Sender: azb@llnl.gov X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_1_3); 4 Jun 2001 18:30:57 -0000 Received: (qmail 66049 invoked from network); 4 Jun 2001 18:29:33 -0000 Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 4 Jun 2001 18:29:33 -0000 Received: from unknown (HELO smtp-2.llnl.gov) (128.115.250.82) by mta2 with SMTP; 4 Jun 2001 18:29:33 -0000 Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id LAA11450 for <iwar@yahoogroups.com>; Mon, 4 Jun 2001 11:29:32 -0700 (PDT) Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id LAA27170 for <iwar@yahoogroups.com>; Mon, 4 Jun 2001 11:29:32 -0700 (PDT) Message-Id: <4.3.2.7.2.20010604111849.00b3e9d0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 To: iwar@yahoogroups.com In-Reply-To: <200106030440.VAA27835@all.net> From: Tony Bartoletti <azb@llnl.gov> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 04 Jun 2001 11:37:00 -0700 Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] news Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit At 09:40 PM 6/2/01 -0700, Fred Posted: >DoS attacks: No remedy in sight Denial-of-service attacks are becoming >more common and, in many cases, more serious, security experts said in >the wake of an attack on the Internet's main warning system for security >threats. An unknown attacker last week hit the Computer Emergency >Response Team (CERT) Coordination Center, an important agency for >passing information on the latest vulnerabilities in computer systems >among security experts. The denial-of-service attack flooded the >center's Web site with data requests and made the site--and its crucial >security advisories--almost impossible to access for more than 24 hours. >"While there are other agencies out there providing similar services to >CERT, what if it had been a more sensitive system or one we had more >dependence on?" said Stefan Savage, a professor of computer science at >the University of California, San Diego, and co-founder of security >company Asta Networks. >http://www.zdnet.com/zdnn/stories/news/0,4586,5092020,00.html >http://news.cnet.com/news/0-1003-200-6158264.html >[FC - of course this is not right - we know how to stop DoS attacks - it's >just not in the best financial interest of those being attacked.] Fred, could you elaborate just a bit, both on the "how" and the "financial interest" parts? In Steve Gibson's page on the GRC DOS attack (see http://grc.com/dos/grcdos.htm) it is argued that, unlike the network "stack" provided by most Unix vendors, which has always given the user full access (including the ability to create malformed and false-addressed packets,) Microsoft Win* has always shipped a "crippled" stack that denied these features, resulting in what Gibson refer's to as "attacks that are prone to filtering." However, he warns that they are changing course with Win-2000 and XP. Is the intent to expand the individual's ability to "create protocol"? To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks. ___tony___ Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT