Return-Path: <sentto-279987-1288-991684565-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 13:01:08 -0700 (PDT) Received: (qmail 2593 invoked by uid 510); 4 Jun 2001 19:01:24 -0000 Received: from fk.egroups.com (64.211.240.232) by 204.181.12.215 with SMTP; 4 Jun 2001 19:01:24 -0000 X-eGroups-Return: sentto-279987-1288-991684565-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by fk.egroups.com with NNFMP; 04 Jun 2001 19:56:05 -0000 X-Sender: JStClair@vredenburg.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_1_3); 4 Jun 2001 19:56:04 -0000 Received: (qmail 86027 invoked from network); 4 Jun 2001 19:54:27 -0000 Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 4 Jun 2001 19:54:27 -0000 Received: from unknown (HELO restonpo.vredenburg.com) (64.242.205.4) by mta1 with SMTP; 4 Jun 2001 19:54:27 -0000 Received: by RESTONPO with Internet Mail Service (5.5.2653.19) id <K6W7MPSR>; Mon, 4 Jun 2001 15:54:27 -0400 Message-ID: <B30A25E2D1D2D1118021006097C3AC63C9804C@CCOPO> To: "'iwar@yahoogroups.com'" <iwar@yahoogroups.com> X-Mailer: Internet Mail Service (5.5.2653.19) From: "St. Clair, James" <jstclair@vredenburg.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 4 Jun 2001 15:54:30 -0400 Reply-To: iwar@yahoogroups.com Subject: RE: [iwar] news Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit As well as how DDoS sophistication will increase with IPv6...... Jim -----Original Message----- From: Tony Bartoletti [mailto:azb@llnl.gov] Sent: Monday, June 04, 2001 2:37 PM To: iwar@yahoogroups.com Subject: Re: [iwar] news At 09:40 PM 6/2/01 -0700, Fred Posted: >DoS attacks: No remedy in sight Denial-of-service attacks are becoming >more common and, in many cases, more serious, security experts said in >the wake of an attack on the Internet's main warning system for security >threats. An unknown attacker last week hit the Computer Emergency >Response Team (CERT) Coordination Center, an important agency for >passing information on the latest vulnerabilities in computer systems >among security experts. The denial-of-service attack flooded the >center's Web site with data requests and made the site--and its crucial >security advisories--almost impossible to access for more than 24 hours. >"While there are other agencies out there providing similar services to >CERT, what if it had been a more sensitive system or one we had more >dependence on?" said Stefan Savage, a professor of computer science at >the University of California, San Diego, and co-founder of security >company Asta Networks. >http://www.zdnet.com/zdnn/stories/news/0,4586,5092020,00.html >http://news.cnet.com/news/0-1003-200-6158264.html >[FC - of course this is not right - we know how to stop DoS attacks - it's >just not in the best financial interest of those being attacked.] Fred, could you elaborate just a bit, both on the "how" and the "financial interest" parts? In Steve Gibson's page on the GRC DOS attack (see http://grc.com/dos/grcdos.htm) it is argued that, unlike the network "stack" provided by most Unix vendors, which has always given the user full access (including the ability to create malformed and false-addressed packets,) Microsoft Win* has always shipped a "crippled" stack that denied these features, resulting in what Gibson refer's to as "attacks that are prone to filtering." However, he warns that they are changing course with Win-2000 and XP. Is the intent to expand the individual's ability to "create protocol"? To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks. ___tony___ Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT