Firewall Wizards mailing list archives

Re: Recent Attacks


From: "Frank L. Heidt" <heidtf () psns navy mil>
Date: Wed, 16 Feb 2000 15:10:06 -0800



Without belaboring the obvious, the apparent objective of the recent DDoS
attack was vandalism writ large. The code in question was not 'great' per se,
in actuality it's extraordinarily obvious. No clever exploitation of subtle
interactions in IP, no earth shaking revelations of basic flaws (the flaws
are very well known). Just a plain vanilla DOS written as a client/server app,
with some obnoxious randomization in the various header fields of the
generated packets.

<Conjecture>

I 'know' (read- think) that the wake up call has successfully been delivered.
These attacks didn't just evaporate, they stopped. I don't think the folks who
released the packet storm had a stunning moral conversion. Rather, it is my
conjecture that a few major '.net's are no longer forwarding traffic with
non-routable or spoofed addresses from boundary routers. Just a thought.

</Conjecture>

IMHO, anyone who knowingly allows traffic out of their AS's with spoofed
address information is guilty of, at the very least, bad manners.  And now,
after Mixter's 'experiment' has been activated, maybe something much worse. We
do after all live in a litigious society.

As to why the perpetrators didn't go after the root servers: besides technical
details, one sentence: Wizards don't let children play in the tower
unsupervised. ;-)


"Starkey, Kyle" wrote:

I don't believe that this was the total objective.  I believe (and this is
only conjecture) that their point was the actual vulnerability itself.  The
DoS and the newly created DDos attacks are VERY simple to use and widely
available.  I think the point was "Hey, check out this great piece of code
that is really easy to use and the MAJOR players on the internet are still
vulnerable."  I am hoping it was more of a wake up call than it was
malicious, but who knows.

-Kyle
Information Security
MSDW Online

From: hnd () asu edu [mailto:hnd () asu edu]

...If these hackers really do want to create massive scale
problems why not hack the root servers?!!!!!!!  This will bring down the
whole internet.


