Re: [iwar] news

From: Fred Cohen (
Date: 2001-06-04 19:20:01

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 04 Jun 2001 19:21:07 -0700 (PDT)
Received: (qmail 21080 invoked by uid 510); 5 Jun 2001 01:20:50 -0000
Received: from ( by with SMTP; 5 Jun 2001 01:20:50 -0000
Received: from [] by with NNFMP; 05 Jun 2001 02:20:04 -0000
Received: (EGP: mail-7_1_3); 5 Jun 2001 02:20:03 -0000
Received: (qmail 69376 invoked from network); 5 Jun 2001 02:20:02 -0000
Received: from unknown ( by with QMQP; 5 Jun 2001 02:20:02 -0000
Received: from unknown (HELO ( by mta3 with SMTP; 5 Jun 2001 02:20:01 -0000
Received: (from fc@localhost) by (8.9.3/8.7.3) id TAA15420 for; Mon, 4 Jun 2001 19:20:01 -0700
Message-Id: <>
In-Reply-To: <> from "Tony Bartoletti" at Jun 04, 2001 11:37:00 AM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Mon, 4 Jun 2001 19:20:01 -0700 (PDT)
Subject: Re: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by Tony Bartoletti:

> At 09:40 PM 6/2/01 -0700, Fred Posted:

> >DoS attacks: No remedy in sight Denial-of-service attacks are becoming
> >more common and, in many cases, more serious, security experts said in
> >the wake of an attack on the Internet's main warning system for security
> >threats.  An unknown attacker last week hit the Computer Emergency
> >Response Team (CERT) Coordination Center, an important agency for
> >passing information on the latest vulnerabilities in computer systems
> >among security experts. ...

> >[FC - of course this is not right - we know how to stop DoS attacks - it's
> >just not in the best financial interest of those being attacked.]

> Fred, could you elaborate just a bit, both on the "how" and the "financial 
> interest" parts?

"No remedy in sight" - there are several viable remedies and they have
existed for some time.  They do cost money of course.  An example was
provided in:
		Managing Network Security =>
			April, 2000 - Countering DCAs

There are also several viable commercial solutions being funded today.

"(CERT) Coordination Center, an important agency for passing information
on the latest vulnerabilities in computer systems among security

They are only "important" to themselves as far as I can tell - and they
are not an agency - they are essentially a business that's (still?) part
of C-MU and funded by the government.  And as far as I can tell they
never really pass information about vulnerabilities among experts -
because most experts aren't wiling to wait for weeks to months before
hearing about problems and most experts I know prefer getting the
information directly from the source rather than filtered through the
CERT official process.

Of course they also didn't bother mentioning distributed coordinated
attacks till several years after I sent them informaiton on them (and
reports of them) and they didn't bother to cite my paper on how to
defeat IP address forgery when they made their announcement on it
several years back and used the precise details I provided in a
publication released a few months earlier...  so I am not what you would
call an objective observer...

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT