Information Security News mailing list archives
Re: Denial of Service Attacks Planned For Christmas - ISS
From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Tue, 21 Nov 2000 00:51:01 -0800
I am sorry, but am I the only one who read through this, and wondered what do they have to back up their claims? This story offers up a zing bang topic with no facts or anything backing up ISS claims. What editor let this story out? This reminds me of all the tiny start-up security companies that popped up after the last DDoS attacks with claims of another trojan, or some other attack looming in the near future, so that they could get some free media coverage and make it on the morning talk shows. Hey, right or wrong, they got press for their company. Who cares if they spread more FUD and scared a lot of AOL users and tiny ISPs across the world... :/
No, you weren't the only one. Over the last year there have been many press releases from many companies that exploited FUD or otherwise claimed more than is just. I'll just say that more responsibility is warranted and that the truth eventually comes out. I've spent my own time at the center of the DDoS cyclone, and assembled a timeline of events that will help anyone who wishes to understand what really happened before February 8, 2000 and to understand what has happened since: http://staff.washington.edu/dittrich/misc/ddos/timeline.html
Welcome to just one of the many things that suck about the 'industry' that's developed around info ops and info assurance. You're obviously correct about the lack of editorial control... but look at the 'journalism' and the assertions by the sources, and it's absurd on the face. How do they 'know' when an attack is planned? The usual confusion about capabilities an intentions. The coupling of the claim with the press release (honest guys, PR newswire isn't that expensive, just use it an be honest).
I don't doubt that ISS learned of DDoS networks. We deal with DDoS attack networks all the time. You just don't get press releases from universities. I also don't doubt that ISS heard rumors or witnessed exchanges on IRC. Most DDoS attacks are centered around IRC, and were born of online battles on IRC. Spend time in the right IRC channels and you'll hear people brag or threaten. Should everything heard on IRC be believed, though? That is another question, but I don't think these are the relevant points. If anyone has information about computer crime -- being committed or about to be committed -- the place to deliver this information is to incident response agencies and law enforcement first and foremost, not the media. Being first with an advisory or first with a press release is not what is important. -- Dave Dittrich Computing & Communications dittrich () cac washington edu Client Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Denial of Service Attacks Planned For Christmas - ISS William Knowles (Nov 19)
- Re: Denial of Service Attacks Planned For Christmas - ISS Bronc Buster (Nov 20)
- Re: Denial of Service Attacks Planned For Christmas - ISS Michael Wilson (Nov 21)
- Re: Denial of Service Attacks Planned For Christmas - ISS Dave Dittrich (Nov 23)
- Re: Denial of Service Attacks Planned For Christmas - ISS Bronc Buster (Nov 20)