Information Security News mailing list archives

Re: Denial of Service Attacks Planned For Christmas - ISS

From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Tue, 21 Nov 2000 00:51:01 -0800

 I am sorry, but am I the only one who read through this, and wondered
what do they have to back up their claims? This story offers up a zing
bang topic with no facts or anything backing up ISS claims. What editor
let this story out?

 This reminds me of all the tiny start-up security companies that popped
up after the last DDoS attacks with claims of another trojan, or some
other attack looming in the near future, so that they could get some free
media coverage and make it on the morning talk shows. Hey, right or wrong,
they got press for their company. Who cares if they spread more FUD and
scared a lot of AOL users and tiny ISPs across the world... :/


No, you weren't the only one.  Over the last year there have been many
press releases from many companies that exploited FUD or otherwise
claimed more than is just.  I'll just say that more responsibility is
warranted and that the truth eventually comes out.  I've spent my own
time at the center of the DDoS cyclone, and assembled a timeline of
events that will help anyone who wishes to understand what really
happened before February 8, 2000 and to understand what has happened
since:

        http://staff.washington.edu/dittrich/misc/ddos/timeline.html

Welcome to just one of the many things that suck about the 'industry'
that's developed around info ops and info assurance.  You're obviously
correct about the lack of editorial control...  but look at the
'journalism' and the assertions by the sources, and it's absurd on the
face.  How do they 'know' when an attack is planned?  The usual
confusion about capabilities an intentions.  The coupling of the claim
with the press release (honest guys, PR newswire isn't that expensive,
just use it an be honest).


I don't doubt that ISS learned of DDoS networks.  We deal with DDoS
attack networks all the time.  You just don't get press releases from
universities.  I also don't doubt that ISS heard rumors or witnessed
exchanges on IRC.  Most DDoS attacks are centered around IRC, and were
born of online battles on IRC.  Spend time in the right IRC channels and
you'll hear people brag or threaten.  Should everything heard on IRC be
believed, though?  That is another question, but I don't think these
are the relevant points.

If anyone has information about computer crime -- being committed or
about to be committed -- the place to deliver this information is to
incident response agencies and law enforcement first and foremost, not
the media.  Being first with an advisory or first with a press release
is not what is important.

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu             Client Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

Current thread:

Denial of Service Attacks Planned For Christmas - ISS William Knowles (Nov 19)
- Re: Denial of Service Attacks Planned For Christmas - ISS Bronc Buster (Nov 20)
  - Re: Denial of Service Attacks Planned For Christmas - ISS Michael Wilson (Nov 21)
  - Re: Denial of Service Attacks Planned For Christmas - ISS Dave Dittrich (Nov 23)