nanog mailing list archives
RE: Yahoo offline because of attack (was: Yahoo network outage)
From: "Sykes, Phil" <Phil.Sykes () cweurope net>
Date: Wed, 9 Feb 2000 10:32:23 +0100
Okay, but you've still missed the point. Even if I stipulate everything
you
said here, that's still 50 largish systems that are compromised. I would almost wager that the perpetrators didn't use all of their assets either. That's a shit-load of large compromised systems on the Internet. Doesn't that thought worry you in the slightest?
It worries everyone! Dave Dittrich in his analyses of DDOS tools (available from http://www.washington.edu/People/dad/) suggests: "Trinoo networks are probably being set up on hundreds, perhaps thousands, of systems on the Internet that are being compromised by remote buffer overrun exploitation. Access to these systems is probably being perpetuated by the installation of multiple "back doors" along with the trinoo daemons." CERT suggests (http://www.cert.org/incident_notes/IN-99-07.html) Prevent installation of distributed attack tools on your systems Prevent origination of IP packets with spoofed source addresses Monitor your network for signatures of distributed attack tools Should we as network operators be taking a pro-active role to police our users for DDOS running boxen? It seems to me that educating end-users is the problem here, just as educating people to use 'no ip directed-broadcast' was back in 1997. Phil Sykes, Network Engineer Cable & Wireless Europe p: +49 89 92699 204 m: +49 172 89 79 727
Current thread:
- Re: Yahoo offline because of attack (was: Yahoo network outage) George Herbert (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Roeland M.J. Meyer (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Richard Steenbergen (Feb 09)
- <Possible follow-ups>
- RE: Yahoo offline because of attack (was: Yahoo network outage) Sykes, Phil (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Havard . Eidnes (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) John Payne (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Richard Steenbergen (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Simon Lyall (Feb 11)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Troy Davis (Feb 11)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Havard . Eidnes (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Roeland M.J. Meyer (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Charles Sprickman (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Richard Steenbergen (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Charley Kline (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Barry Shein (Feb 09)