RE: [iwar] news

From: St. Clair, James (jstclair@vredenburg.com)
Date: 2001-06-04 12:54:30


Return-Path: <sentto-279987-1288-991684565-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 13:01:08 -0700 (PDT)
Received: (qmail 2593 invoked by uid 510); 4 Jun 2001 19:01:24 -0000
Received: from fk.egroups.com (64.211.240.232) by 204.181.12.215 with SMTP; 4 Jun 2001 19:01:24 -0000
X-eGroups-Return: sentto-279987-1288-991684565-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by fk.egroups.com with NNFMP; 04 Jun 2001 19:56:05 -0000
X-Sender: JStClair@vredenburg.com
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_1_3); 4 Jun 2001 19:56:04 -0000
Received: (qmail 86027 invoked from network); 4 Jun 2001 19:54:27 -0000
Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 4 Jun 2001 19:54:27 -0000
Received: from unknown (HELO restonpo.vredenburg.com) (64.242.205.4) by mta1 with SMTP; 4 Jun 2001 19:54:27 -0000
Received: by RESTONPO with Internet Mail Service (5.5.2653.19) id <K6W7MPSR>; Mon, 4 Jun 2001 15:54:27 -0400
Message-ID: <B30A25E2D1D2D1118021006097C3AC63C9804C@CCOPO>
To: "'iwar@yahoogroups.com'" <iwar@yahoogroups.com>
X-Mailer: Internet Mail Service (5.5.2653.19)
From: "St. Clair, James" <jstclair@vredenburg.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 4 Jun 2001 15:54:30 -0400 
Reply-To: iwar@yahoogroups.com
Subject: RE: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

As well as how DDoS sophistication will increase with IPv6......

Jim 


-----Original Message-----
From: Tony Bartoletti [mailto:azb@llnl.gov]
Sent: Monday, June 04, 2001 2:37 PM
To: iwar@yahoogroups.com
Subject: Re: [iwar] news


At 09:40 PM 6/2/01 -0700, Fred Posted:

>DoS attacks: No remedy in sight Denial-of-service attacks are becoming
>more common and, in many cases, more serious, security experts said in
>the wake of an attack on the Internet's main warning system for security
>threats.  An unknown attacker last week hit the Computer Emergency
>Response Team (CERT) Coordination Center, an important agency for
>passing information on the latest vulnerabilities in computer systems
>among security experts.  The denial-of-service attack flooded the
>center's Web site with data requests and made the site--and its crucial
>security advisories--almost impossible to access for more than 24 hours.
>"While there are other agencies out there providing similar services to
>CERT, what if it had been a more sensitive system or one we had more
>dependence on?" said Stefan Savage, a professor of computer science at
>the University of California, San Diego, and co-founder of security
>company Asta Networks.
>http://www.zdnet.com/zdnn/stories/news/0,4586,5092020,00.html
>http://news.cnet.com/news/0-1003-200-6158264.html
>[FC - of course this is not right - we know how to stop DoS attacks - it's
>just not in the best financial interest of those being attacked.]

Fred, could you elaborate just a bit, both on the "how" and the "financial 
interest" parts?

In Steve Gibson's page on the GRC DOS attack (see 
http://grc.com/dos/grcdos.htm) it is argued that, unlike the network 
"stack" provided by most Unix vendors, which has always given the user full 
access (including the ability to create malformed and false-addressed 
packets,) Microsoft Win* has always shipped a "crippled" stack that denied 
these features, resulting in what Gibson refer's to as "attacks that are 
prone to filtering." However, he warns that they are changing course with 
Win-2000 and XP.

Is the intent to expand the individual's ability to "create protocol"?

To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks.

___tony___



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900





------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 


------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT