RE: [iwar] news

From: St. Clair, James (
Date: 2001-06-04 12:54:30

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 13:01:08 -0700 (PDT)
Received: (qmail 2593 invoked by uid 510); 4 Jun 2001 19:01:24 -0000
Received: from ( by with SMTP; 4 Jun 2001 19:01:24 -0000
Received: from [] by with NNFMP; 04 Jun 2001 19:56:05 -0000
Received: (EGP: mail-7_1_3); 4 Jun 2001 19:56:04 -0000
Received: (qmail 86027 invoked from network); 4 Jun 2001 19:54:27 -0000
Received: from unknown ( by with QMQP; 4 Jun 2001 19:54:27 -0000
Received: from unknown (HELO ( by mta1 with SMTP; 4 Jun 2001 19:54:27 -0000
Received: by RESTONPO with Internet Mail Service (5.5.2653.19) id <K6W7MPSR>; Mon, 4 Jun 2001 15:54:27 -0400
Message-ID: <B30A25E2D1D2D1118021006097C3AC63C9804C@CCOPO>
To: "''" <>
X-Mailer: Internet Mail Service (5.5.2653.19)
From: "St. Clair, James" <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Mon, 4 Jun 2001 15:54:30 -0400 
Subject: RE: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

As well as how DDoS sophistication will increase with IPv6......


-----Original Message-----
From: Tony Bartoletti []
Sent: Monday, June 04, 2001 2:37 PM
Subject: Re: [iwar] news

At 09:40 PM 6/2/01 -0700, Fred Posted:

>DoS attacks: No remedy in sight Denial-of-service attacks are becoming
>more common and, in many cases, more serious, security experts said in
>the wake of an attack on the Internet's main warning system for security
>threats.  An unknown attacker last week hit the Computer Emergency
>Response Team (CERT) Coordination Center, an important agency for
>passing information on the latest vulnerabilities in computer systems
>among security experts.  The denial-of-service attack flooded the
>center's Web site with data requests and made the site--and its crucial
>security advisories--almost impossible to access for more than 24 hours.
>"While there are other agencies out there providing similar services to
>CERT, what if it had been a more sensitive system or one we had more
>dependence on?" said Stefan Savage, a professor of computer science at
>the University of California, San Diego, and co-founder of security
>company Asta Networks.
>[FC - of course this is not right - we know how to stop DoS attacks - it's
>just not in the best financial interest of those being attacked.]

Fred, could you elaborate just a bit, both on the "how" and the "financial 
interest" parts?

In Steve Gibson's page on the GRC DOS attack (see it is argued that, unlike the network 
"stack" provided by most Unix vendors, which has always given the user full 
access (including the ability to create malformed and false-addressed 
packets,) Microsoft Win* has always shipped a "crippled" stack that denied 
these features, resulting in what Gibson refer's to as "attacks that are 
prone to filtering." However, he warns that they are changing course with 
Win-2000 and XP.

Is the intent to expand the individual's ability to "create protocol"?

To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks.


Tony Bartoletti 925-422-3881 <>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900


Your use of Yahoo! Groups is subject to 


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT