Politech mailing list archives
FC: Response to wacky Y2K buffs and outage conspiracies
From: Declan McCullagh <declan () well com>
Date: Fri, 11 Feb 2000 15:10:44 -0500
***********

Date: Fri, 11 Feb 2000 14:57:51 -0500
To: Declan McCullagh <declan () well com>
From: Paul Ferguson <ferguson () cisco com>
Subject: Y2K nonsense

>I am attaching a corrected version of what "Pliney" wrote. He posted this
>today. You might want to circulate this corrected version of his comments
>as well.
>
>As you may know, he is describing a kind of Internet problem that was
>predicted. Which explanation eventually obtains remains to be seen.
>

Declan,

I can understand how even a smart person (with a PhD, no less) who has no technical background could propagate incorrect information, but these recent denial of service attacks are such "high visibility" incidents that a plethora of technical information abounds.

When you get right down to it, this "Pliney" has no idea, technically, what he/she is talking about. Even his/her descriptions of non-menacing technology frobs are incorrect.

This has got to be one of the most asinine conspiracy theories I have seen, and can be considered no less than an outright slanderous assault on the character of Cisco Systems, completely contrary to well-established facts and technologies.

Thanks for forwarding this fiction.

Speaking only for myself,

- paul

***********

Date: Fri, 11 Feb 2000 13:43:52 -0500
To: Declan McCullagh <declan () well com>
From: "P. Gordon" <pgordon () erols com>

Declan,

Thanks for copying me your piece. I am attaching a corrected version of what "Pliney" wrote. He posted this today. You might want to circulate this corrected version of his comments as well.

As you may know, he is describing a kind of Internet problem that was predicted. Which explanation eventually obtains remains to be seen.

My January 17 Comments piece has a more current rendering of my analysis concerning what has happened and what is happening. Possible political dimensions of the Administration's approach to Y2K and embedded systems problems are of course just one element of a very complicated picture. The January 17 piece that I wrote may help clarify my perspective. You can find it by clicking on Comments when you get to my website.

Regards,

Paula Gordon

***********************************************************************************

Additional clarification from "Pliney" re the algorithm corruption theory. Please note that he corrects the explanation that he had previously given.

2/11/2000 entry on the Time Bomb 2000 Thread entitled: "Paging Pliney...Questions re Alternative to "Denial of Service Hackers" theory"
http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002XPN

" My apologies. I said date-time stamp as I did not really want to explain what TTL and the fragmentation segments with the IP header. I also did/don't want to be too specific about how this could occur as it has dawned on me that this could be developed into a new cracking tool.

However. Here is the concept. There is a portion of the IP or UDP packet header that all the young pups think is a finite number (255 or less) which is the number of hops from origination to destination.
If you are an old puff wind like myself you realize that this number is actually designating a discrete number of seconds that the packet is allowed to live (the TTL = Time To Live).

Anyway, what I suspect is happening is that a date related algorithm in the sending chain starts the problem by placing a negative number in one or more of these header fields. This is what is causing the machine to machine escalation of bad packet resend requests.

As to the specific "targets", please note that all the sites being 'bombed' all are very high end biz sites AND are all using the BIG Whumpen Routers. All the Big Whumpen Routers are one of the common elements of this incident. Might they not all share a common vulnerability as they share a common code base?

Another commonality is the manner in which the net as a whole was impacted. This is what got me thinking about this. A normal DOS does not cascade into backbone problems. Also these packet flurries appear to be generated at a phenomenal rate of expansion. Something that an OS driven process with other activities on other threads/processes would be hard pressed to duplicate. This is just an intuitive observation as I have no certain knowledge from the perspective of the 'victim' only what I have heard and deduced.

Also, we were able to mock up a peer to peer router group and replicate this effect of DOS attack on a wholly closed network. And all we needed was some misbehavior at the ttl level of things.

Finally, the stuff I am speaking of relates to the algorithms for the packetizing and packet reassembly aspect of things. Not specifically machines, but rather the logic employed in the firmware.

Is it better that I am correct? Or that it really is hackers? Either way it is a real, and serious problem to work. The issue for me is to do what I can to assist TPTB in deciding which problem they really are working.

Vale. Et bona dies sunt.
"

-- pliney the younger (pliney () puget sound early sun), February 11, 2000.

End of forwarded material

Paula D. Gordon, Ph.D.
Visiting Research Professor and Director of Special Projects, Research Program in Social and Organizational Learning, George Washington University

Please direct all communications to pgordon () erols com

For Parts 1 - 6 of a White Paper on Y2K by Paula Gordon, see http://www.gwu.edu/~y2k/keypeople/gordon

For "Comments and Impact Ratings" for January 17, 2000 and the First Quarter of the Year 2000, click on "Comments, Essays, and Op-Ed Pieces" at http://www.gwu.edu/~y2k/keypeople/gordon

For a schedule of events sponsored by the GW Y2K Group, see the Announcements page at http://www.gwu.edu/~y2k/keypeople/gordon

***********

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text: subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------
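
The TTL field discussed in the forwarded post is defined in RFC 791 as a single unsigned octet at byte 8 of the IPv4 header. The following is an added example, not part of any message in this thread: it parses that field from a checksum-validated header and models the per-hop decrement and drop-at-zero that a router performs. The addresses, sample header and function names are constructed for illustration.

```python
import struct

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ttl: int, src: bytes, dst: bytes, proto: int = 17) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with a valid checksum."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, proto, 0, src, dst)
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def parse_ttl(header: bytes) -> int:
    """Validate the header and return TTL: byte 8, an unsigned octet (0..255)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl or checksum(header[:ihl]) != 0:
        raise ValueError("bad header length or checksum")
    return header[8]

def forward(header: bytes):
    """One router hop: decrement TTL, drop at zero, recompute the checksum."""
    ttl = parse_ttl(header)
    if ttl <= 1:
        return None  # dropped; a router would emit ICMP Time Exceeded here
    ihl = (header[0] & 0x0F) * 4
    out = bytearray(header[:ihl])
    out[8] = ttl - 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", checksum(bytes(out)))
    return bytes(out) + header[ihl:]

def hops_survived(header: bytes) -> int:
    """Count how many routers forward the packet before it is dropped."""
    hops = 0
    while (header := forward(header)) is not None:
        hops += 1
    return hops

# Constructed sample: documentation-range addresses, UDP, TTL 64.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
SAMPLE = build_header(64, SRC, DST)

if __name__ == "__main__":
    print("TTL on the wire:", parse_ttl(SAMPLE))
    print("hops before drop:", hops_survived(SAMPLE))
    print("largest possible lifetime:", hops_survived(build_header(255, SRC, DST)))
```

A header whose TTL byte is altered without recomputing the checksum is rejected by `parse_ttl`, which is the same validation a receiving IP stack applies before acting on the field.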