Firewall Wizards mailing list archives

RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply


From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Wed, 19 Apr 2000 11:30:55 -0400

Mark,

        While I agree that starting with a security focus can reduce risk, the
problems with IP DOS are inherent in the protocol and can't really be
completely removed -- no matter how diligent you are.  The ability to
leverage unsuspecting parties can be reduced or even removed.  However, if
you have access to a big, fat pipe and enough horsepower to pump out a
sufficient amount of traffic, you can always clog up an attackee's pipe --
even if you are using an adaptive filtering technology on the remote end.

Drew

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of
Mark.Teicher () predictive com
Sent: Thursday, April 13, 2000 8:55 AM
To: ajl () virtualpurchasecard com
Cc: firewall-wizards () nfr net; JCarson () smartronix com
Subject: RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping
DOS Attacks (fwd) -reply


Andrew,

A familiar poster, I have always been under the impression "If you plan
your network carefully" it will withstand the test of time.  Most
sysadmins do not have the luxury of constructing a network correctly due
to mitigating factors as "It had to be done yesterday, so we didn't have
the time",  "We'll fix it later"  or "If it ain't broke, don't fix it".  A
majority of the networks that I have contributed in constructing have been
up for some time and have not suffered one minute of down time as the fate
of other companies have.  If you read the right books and have the right
amount of "CLUE" or "CLUE" factor, it is fairly simple to construct a
secure, simple network infrastructure that can scale and expand as the
organization grows.

Carelessness and lack of forethought in my mind contributed heavily to the
recent outages.  Networks should be designed to handle huge amounts of data
when they are scaled and implemented properly.  Prototype, Prototype,
Stress Test, Stress Test, talk to Marcus's cats.  I am sure they have a
couple of stories they can tell you about the networks they consulted on.
:)

/mark




"Andrew J. Luca" <andrewluca () mediaone net>
04/13/00 05:13 AM
Please respond to ajl


        To:     <Mark.Teicher () predictive com>, "'Carson, Joe'" <JCarson () smartronix com>
        cc:     <firewall-wizards () nfr net>
        Subject:        RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd)


        Uh, I disagree with your statement, Mark.  Part of the reason that
DOS is so easy is that you can always just pump data into a network.  While I
agree that it might not have been so easy to turn unsuspecting companies into
malicious players in the attack, you still could have pulled in other
resources to accomplish the same thing.

Drew

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of
Mark.Teicher () predictive com
Sent: Tuesday, April 11, 2000 9:08 AM
To: Carson, Joe
Cc: firewall-wizards () nfr net
Subject: RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping
DOS Attacks (fwd)


If networks were constructed properly and security was addressed at the
time that the initial design was considered, DDOS would not have been
as widespread as it was.

/m




"Carson, Joe" <JCarson () smartronix com>
Sent by: owner-firewall-wizards () lists nfr net
03/30/00 01:28 PM
Please respond to "Carson, Joe"


        To:     "'Andy Bach'" <root () wiwb uscourts gov>, firewall-wizards () nfr net
        cc:
        Subject:        RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd)


Andy,

  SANS put a lot of effort into this instruction, and it was reviewed by
several thousand network security engineers prior to publishing it.  I was
one of the reviewers, and found the instruction covers the same techniques
that I and many in this field already use.  They won't solve world hunger,
but they do what they are supposed to do.

Joe

W. Joseph Carson,CCNA,CCDA
Chief Technical Officer
Smartronix Inc.
703-630-4422


-----Original Message-----
From: Andy Bach [mailto:root () wiwb uscourts gov]
Sent: Wednesday, March 29, 2000 11:59 AM
To: firewall-wizards () nfr net
Subject: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS
Attacks (fwd)


Hey,

SANS is requesting Internet-wide assistance w/ stopping DOS attack by
reconfiguring routers.  Anybody looked at the instructions/info and seen
if it would work?
http://www.sans.org/dosstep/index.htm

Andy Bach, sys mgr
andy () wiwb uscourts gov

---------- Forwarded message ----------
From: The SANS Institute <sans () sans org>
[snip]

The simple steps can be found at the SANS website at the URL
http://www.sans.org/dosstep/index.htm and will keep your site
from contributing to the DOS threat.  Tools will soon be
publicly posted to determine which organizations have and have
not protected their users and which ones have systems that
still can be used as a threat to the rest of the community.

More than 100 organizations in the SANS community have tested
the guidelines, which were drafted by Mark Krause of UUNET with
help from security experts at most of the other major ISPs and
at the MITRE organization. The testing has improved them
enormously. (A huge thank-you goes to the people who did the
testing.)
[snip]
Alan Paller
Director of Research
SANS Director of Research
sansro () sans org
301-951-0102







