[iwar] [fc:'Dark.web.space'.hides.net.nasties]

From: Fred Cohen (fc@all.net)
Date: 2001-11-14 19:48:14


Return-Path: <sentto-279987-3875-1005796052-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 14 Nov 2001 20:09:07 -0800 (PST)
Received: (qmail 6284 invoked by uid 510); 15 Nov 2001 04:06:37 -0000
Received: from n26.groups.yahoo.com (216.115.96.76) by all.net with SMTP; 15 Nov 2001 04:06:37 -0000
X-eGroups-Return: sentto-279987-3875-1005796052-fc=all.net@returns.groups.yahoo.com
Received: from [10.1.4.55] by n26.groups.yahoo.com with NNFMP; 15 Nov 2001 03:45:48 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 15 Nov 2001 03:47:32 -0000
Received: (qmail 83114 invoked from network); 15 Nov 2001 03:47:31 -0000
Received: from unknown (216.115.97.171) by m11.grp.snv.yahoo.com with QMQP; 15 Nov 2001 03:47:31 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 15 Nov 2001 03:47:30 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAF3mEA23708 for iwar@onelist.com; Wed, 14 Nov 2001 19:48:14 -0800
Message-Id: <200111150348.fAF3mEA23708@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 14 Nov 2001 19:48:14 -0800 (PST)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:'Dark.web.space'.hides.net.nasties]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

'Dark web space' hides net nasties 
By James Middleton, VNU Net, 11/14/2001 http://www.vnunet.com/News/1126843

Results of a three-year study on internet 'reachability' have confirmed
that the web is partitioned and littered with pockets of 'dark web
space' which are home to some of the internet's nasties. The existence
of dark web space runs contrary to the common belief that the internet
is one fully connected graph. The research suggests that the web is
partitioned and some prefixes are available for some providers, and not
others.  But more worryingly, the study found that this dark space is
often used as a launch pad for fleeting internet attacks or as a
spamming platform.  A report released by Arbor Networks has revealed
that as much as five per cent of the internet could exist in dark web
space, a figure representing tens of millions of possible end hosts. Arbor found 
that these short-lived routing activities, like spamming,
indicated a misuse of the routing infrastructure. The findings backed up
last month's warning from the Computer Emergency Response Team that
hackers may increasingly be targeting routing infrastructures as a
platform for denial of service attacks. These murky parts of the
internet could also be used to intentionally 'black hole' a target
network's traffic.  Arbor also found a large number of SMTP servers,
including over 40,000 unique mail sources, a number of which were
associated closely with known spamming incidents. These net nasties work
by exploiting inherent weaknesses in the web's routing infrastructure. If a router 
can stake a claim on a block of address space, the rest of
the net's infrastructure will simply accept it and route all traffic for
that block. Because routers aren't set up to log such incidents, these
dark corners of the web represent pockets of malicious or sinister
activity and "intentional misuse and co-option of the internet routing
infrastructure", said Arbor.  The research found that over 70 per cent
of the discovered disenfranchised hosts responded to 'reachability'
tests identifying them as cable or ISDN pools, as well as US military
networks.  Strangely, a further 24 per cent of hosts responded to active
availability tests, but had neither addressing nor routing information
available. Arbor is now researching further into this area.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Universal Inkjet Refill Kit $29.95
Refill any ink cartridge for less!
Includes black and color ink.
http://us.click.yahoo.com/Vv.L9D/MkNDAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST