Return-Path: <sentto-279987-3611-1004421326-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 29 Oct 2001 21:56:09 -0800 (PST) Received: (qmail 11511 invoked by uid 510); 30 Oct 2001 05:54:44 -0000 Received: from n30.groups.yahoo.com (216.115.96.80) by 204.181.12.215 with SMTP; 30 Oct 2001 05:54:44 -0000 X-eGroups-Return: sentto-279987-3611-1004421326-fc=all.net@returns.onelist.com Received: from [10.1.1.220] by n30.groups.yahoo.com with NNFMP; 30 Oct 2001 05:55:26 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 30 Oct 2001 05:55:26 -0000 Received: (qmail 50213 invoked from network); 30 Oct 2001 05:55:26 -0000 Received: from unknown (10.1.10.26) by 10.1.1.220 with QMQP; 30 Oct 2001 05:55:26 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1 with SMTP; 30 Oct 2001 05:55:26 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9U5tSc03931 for iwar@onelist.com; Mon, 29 Oct 2001 21:55:28 -0800 Message-Id: <200110300555.f9U5tSc03931@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 29 Oct 2001 21:55:28 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:DoS.Attacks.Go.For.the.Throat] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit DoS Attacks Go For the Throat By Jim Freund, EarthWeb, 10/29/2001 <a href="http://networking.earthweb.com/netsecur/article/0,,12084_911371,00.html">http://networking.earthweb.com/netsecur/article/0,,12084_911371,00.html> We all yearn for the more innocent time when the acronym DOS stood for your Disk Operating System, or even the Dept. of State for the better traveled. Today, however, it is a term that brings a chill to many technologists -- Denial of Service. Initially, this was largely the realm of minor miscreants, who wanted no more than to target specific Web sites they thought would be cool to disrupt. But now a greater chill has begun to set in as a result of the selective targeting of routers. Of late, the hacker community has taken to discussing 'router protocol attacks' in listservs, Usenet, and at conferences. Attacks against routers can have serious consequences for the Internet at large. Routers can be used for direct attacks against the routing protocols that interconnect the networks comprising the Internet, therefore causing serious service availability issues on a large scale. By dealing with such threats to their infrastructures, network managers will be protecting both their own interests and the interests of all networks to which they connect. Crackers perceive router attacks as attractive for several reasons. Unlike computer systems, routers are generally buried within the infrastructure of an enterprise. Often, they are comparatively less protected by monitors and security policies than computers, providing a safer harbor within which the miscreant can operate. Many routers are poorly deployed, with the vendor-supplied default password the only wall between network security and ruination. Documents circulate supplying advice on procedures for breaking into a router and changing its configuration. Once compromised, the router can be used as a platform for scanning activity, 'spoofing' connections, (disguising the origin of packets,) and as a launch point for DoS attacks. According to Laurie Vickers, a Senior Analyst at Cahners In-Stat Group, "A router is the gateway to a company. They have been the target of hackers and Script Kiddies for quite some time now, but what seems to be occurring is that the hackers are growing more sophisticated. They're finding that the front door is locked, so they go around back and see that the patio door has been left open." Vickers asserts that router attacks can prove devastating to networks as managers try to determine "Which box will it be? Routers often integrate VPN services and/or firewalls, and these make them even juicier targets." Once the router is compromised, the entire network can be up for grabs. A further area for concern is what Carnegie Mellon's Computer Emergency Response Team (CERT) Coordination Center refers to as the shrinkage of 'Time-To-Exploit'. In other words, once a vulnerability in a system or device has been discovered, it takes less time for to exploit it perhaps less time than it takes to author or deploy a security patch. Further, don't look for a particular group or individual to target your systems. Tools used to initiate DoS attacks and to propagate the 'attack toolkits' (the collection of instructions used for the attack) are increasingly automated. Scripts are frequently used for scanning, exploitation, and deployment. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST