RE: [iwar] news

From: Glenn Williamson
Date: 2001-06-04 16:48:31



 I have to totally agree with a couple of statements Tony et al have stated
in regard to the DOS that CERT and others experience, having seen them and
having quickly altered router settings so the malformed/misguided protocol
packets do not make it in, I understand the time it takes and the cost
associated with it. But having spent time digesting Steve's work a couple of
days ago, I don't think so much that MS is giving people the ability to
create protocols, I think they are giving them the ability to destroy
protocols. If we eventually get to the point we have to stop allowing
certain protocols to cross the bandwidth then is it not destroying the much
needed protocol? Originally the Net was not there to hide information inside
of various protocols, but that is what it has turned to as we can not stem
the ability of software to allow full control of protocols
(misconfigure/mis-construct) to the point they cause damage, vice what the
internet was originally made for.

 Well that was my CDN 2 cents worth.

65 Iber Rd
Stittsville, Ont
613-831-0888 (ext# 3055)

-----Original Message-----
From: Tony Bartoletti
Sent: Monday, June 04, 2001 2:37 PM
Subject: Re: [iwar] news

At 09:40 PM 6/2/01 -0700, Fred Posted:

>DoS attacks: No remedy in sight
>
>Denial-of-service attacks are becoming
>more common and, in many cases, more serious, security experts said in
>the wake of an attack on the Internet's main warning system for security
>threats.  An unknown attacker last week hit the Computer Emergency
>Response Team (CERT) Coordination Center, an important agency for
>passing information on the latest vulnerabilities in computer systems
>among security experts.  The denial-of-service attack flooded the
>center's Web site with data requests and made the site--and its crucial
>security advisories--almost impossible to access for more than 24 hours.
>"While there are other agencies out there providing similar services to
>CERT, what if it had been a more sensitive system or one we had more
>dependence on?" said Stefan Savage, a professor of computer science at
>the University of California, San Diego, and co-founder of security
>company Asta Networks.
>[FC - of course this is not right - we know how to stop DoS attacks - it's
>just not in the best financial interest of those being attacked.]

Fred, could you elaborate just a bit, both on the "how" and the "financial
interest" parts?

In Steve Gibson's page on the GRC DOS attack it is argued that, unlike the network
"stack" provided by most Unix vendors, which has always given the user full
access (including the ability to create malformed and false-addressed
packets,) Microsoft Win* has always shipped a "crippled" stack that denied
these features, resulting in what Gibson refers to as "attacks that are
prone to filtering." However, he warns that they are changing course with
Win-2000 and XP.

Is the intent to expand the individual's ability to "create protocol"?

To paraphrase Gibson, "You ain't seen nothin' yet" w.r.t. DDoS attacks.


Tony Bartoletti 925-422-3881
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900


This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT