Return-Path: <sentto-279987-1289-991698564-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 16:51:08 -0700 (PDT) Received: (qmail 14033 invoked by uid 510); 4 Jun 2001 22:51:12 -0000 Received: from ej.egroups.com (64.211.240.230) by 204.181.12.215 with SMTP; 4 Jun 2001 22:51:12 -0000 X-eGroups-Return: sentto-279987-1289-991698564-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by ej.egroups.com with NNFMP; 04 Jun 2001 23:50:20 -0000 X-Sender: glenn.williamson@sympatico.ca X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_1_3); 4 Jun 2001 23:49:24 -0000 Received: (qmail 37149 invoked from network); 4 Jun 2001 23:49:23 -0000 Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 4 Jun 2001 23:49:23 -0000 Received: from unknown (HELO tomts14-srv.bellnexxia.net) (209.226.175.35) by mta3 with SMTP; 4 Jun 2001 23:49:23 -0000 Received: from home ([206.172.157.103]) by tomts14-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010604234921.DREO2764.tomts14-srv.bellnexxia.net@home> for <iwar@yahoogroups.com>; Mon, 4 Jun 2001 19:49:21 -0400 To: <iwar@yahoogroups.com> Message-ID: <000601c0ed50$dc2ee000$679dacce@home> X-Priority: 1 (Highest) X-MSMail-Priority: High X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: High X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 In-Reply-To: <4.3.2.7.2.20010604111849.00b3e9d0@poptop.llnl.gov> X-eGroups-From: "Glenn Williamson" <glenn.williamson@sympatico.ca> From: "Glenn Williamson" <Glenn_Williamson@ottawa.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 4 Jun 2001 19:48:31 -0400 Reply-To: iwar@yahoogroups.com Subject: RE: [iwar] news Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit All, I have to totally agree with a couple of statements Tony et al have stated in regard to the DOS that CERT and others experience, having seen them and having quickly altered router settings so the malformed/misguided protocol packets do not make it in, I understand the time it takes and the cost associated with it. But having spent time digesting Steve's work a couple of days ago, I don't think so much that MS is giving people the ability to create protocols, I think they are giving them the ability to destroy protocols. If we eventually get to the point we have to stop allowing certain protocols to cross the bandwidth then is it not destroying the much needed protocol. Originally the Net was not there to hide information inside of various protocols, but that is what it has turned to as we can not stem the the ability of software to allow full control of protocols (misconfigure/mis-construct) to the point they cause damage, vice what the internet was originally made for. Well that was my CDN 2 cents worth. Glenn XWAVE <http://www.xwave.com/> 65 Iber Rd Stittsville, Ont 613-831-0888 (ext# 3055) mailto:Glenn.Williamson@xwave.com <mailto:Glenn.Williamson@xwave.com> -----Original Message----- From: Tony Bartoletti [mailto:azb@llnl.gov] Sent: Monday, June 04, 2001 2:37 PM To: iwar@yahoogroups.com Subject: Re: [iwar] news At 09:40 PM 6/2/01 -0700, Fred Posted: >DoS attacks: No remedy in sight Denial-of-service attacks are becoming >more common and, in many cases, more serious, security experts said in >the wake of an attack on the Internet's main warning system for security >threats. An unknown attacker last week hit the Computer Emergency >Response Team (CERT) Coordination Center, an important agency for >passing information on the latest vulnerabilities in computer systems >among security experts. The denial-of-service attack flooded the >center's Web site with data requests and made the site--and its crucial >security advisories--almost impossible to access for more than 24 hours. >"While there are other agencies out there providing similar services to >CERT, what if it had been a more sensitive system or one we had more >dependence on?" said Stefan Savage, a professor of computer science at >the University of California, San Diego, and co-founder of security >company Asta Networks. >http://www.zdnet.com/zdnn/stories/news/0,4586,5092020,00.html >http://news.cnet.com/news/0-1003-200-6158264.html >[FC - of course this is not right - we know how to stop DoS attacks - it's >just not in the best financial interest of those being attacked.] Fred, could you elaborate just a bit, both on the "how" and the "financial interest" parts? In Steve Gibson's page on the GRC DOS attack (see http://grc.com/dos/grcdos.htm) it is argued that, unlike the network "stack" provided by most Unix vendors, which has always given the user full access (including the ability to create malformed and false-addressed packets,) Microsoft Win* has always shipped a "crippled" stack that denied these features, resulting in what Gibson refer's to as "attacks that are prone to filtering." However, he warns that they are changing course with Win-2000 and XP. Is the intent to expand the individual's ability to "create protocol"? To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks. ___tony___ Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT