FC: Response to wacky Y2K buffs and outage conspiracies

[Declan McCullagh <declan () well com>]

***********

Date: Fri, 11 Feb 2000 14:57:51 -0500
To: Declan McCullagh <declan () well com>
From: Paul Ferguson <ferguson () cisco com>
Subject: Y2K nonsense

> >I am attaching a corrected version of what "Pliney" wrote.  He posted this
> >today.  You might want to circulate this corrected version of his comments
> >as well.
> >
> >As you may know, he is describing a kind of Internet problem that was
> >predicted.  Which explanation eventually obtains remains to be seen.
> >

Declan,

I can understand how even a smart person (with a PhD, no less)
who has no technical background could propagate incorrect information,
but these recent denial of service attacks are such "high visibility"
incidents that a plethora of technical information abounds.

When you get right down to it, this "Pilney" has no idea, technically,
what he/she is talking about. Even his/her descriptions of no-menacing
technology frobs are incorrect.

This has got to be one of the most asinine conspiracy theories
I have seen, and can be considered no less than an outright
slanderous assault on the character of Cisco Systems, completely
contrary to well established facts and technologies.

Thanks for forwarding this fiction.

Speaking only for myself,

- paul

***********

> Date: Fri, 11 Feb 2000 13:43:52 -0500
> To: Declan McCullagh <declan () well com>
> From: "P. Gordon" <pgordon () erols com>
>
> Declan,
>
> Thanks for copying me your piece.
>
> I am attaching a corrected version of what "Pliney" wrote.  He posted this
> today.  You might want to circulate this corrected version of his comments
> as well.
>
> As you may know, he is describing a kind of Internet problem that was
> predicted.  Which explanation eventually obtains remains to be seen.
>
> My January 17 Comments piece has a more current rendering of my analysis
> concerning what has happened and what is happening.  Possible political
> dimensions of the Administration's approach to Y2K and embedded systems
> problems is of course just one element of a very complicated picture.   The
> January 17 piece that I wrote may help clarify my perspective.  You can find
> it by clicking on Comments when you get to my website.
>
> Regards,
>
> Paula Gordon
>
> ****************************************************************************
> *******
>
> Additional clarification from "Pliney" re the algorithm corruption theory.
> Please note that he corrects the explanation that he had previously given.
>
>
> 2/11/2000 entry on the Time Bomb 2000 Thread entitled: "Paging
> Pliney...Questions re Alternative to "Denial of Service Hackers" theory"
>
>
> http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002XPN
>
>     " My apologies. I said date-time stamp as I did not really want to
> explain what TTL and the fragmentation segments with the IP header. I also
> did/don't want to be too specific about how this could occur as it has
> dawned on me that this could be developed into a new cracking tool.
>
>      However. Here is the concept. There is a portion of the IP or UDP
> packet header that all the young pups think is a finite number (255 or less)
> which is the number of hops from origination to destination. If you are an
> old puff wind like myself you realize that this number is actually
> designating a discrete number of seconds that the packet is allowed to live
> (the TTL = Time To Live).
>
>      Anyway, what I suspect is happening is that a date related algorithm in
> the sending chain starts the problem by placing a negaitve number in one or
> more of these header fields. This is what is causing the machinen to machine
> escalation of bad packet resend requests.
>
>      As to the specific "targets", please note that all the sites being
> 'bombed' all are very high end biz sites AND are all using the BIG Whumpen
> Routers. All the Big Whumpen Routers are one of the common elements of this
> incident. Might they not all share a common vulnerability as they share a
> common code base?
>
>      Another commonality is the manner in which the net as a whole was
> impacted. This is what got me thinking about this. A normal DOS does not
> cascade into backbone problems. Also these packet flurries appear to be
> generated at a phenomenal rate of expansion. Something that an OS driven
> process with other activities on other     threads/processes would be hard
> pressed to duplicate. This is just an intuitive observation as I have no
> certain knowledge from the perspective of the 'victim' only what I have
> heard and deduced.
>
>      Also, we were able to mock up a peer to peer router group and replicate
> this effect of DOS attack on a wholely closed network. And all we needed was
> some misbehavior at the ttl level of things.
>
>      Finally, the stuff I am speaking of relates to the algorithms for the
> packetizing and packet reassmbly aspect of things. Not specifically
> machines, but rather the logic employed in the firmware.
>
>      Is it better that I am correct? Or that it really is hackers? Either
> way it is a real, and serious problem to work.
>
>      The issue for me is to do what I can to assist TPTB in deciding which
> problem they really are working.
>
>      Vale. Et bona dies sunt. "
>
>      -- pliney the younger (pliney () puget sound early sun), February 11, 
> 2000.
>
> End of forwarded material
>
>
>
> Paula D. Gordon, Ph.D.
> Visiting Research Professor and
> Director of Special Projects,
> Research Program in Social and
>    Organizational Learning,
> George Washington University
>
> Please direct all communications
> to pgordon () erols com
>
> For Parts 1 - 6 of a White Paper
> on Y2K by Paula Gordon, see
> http://www.gwu.edu/~y2k/keypeople/gordon
>
> For "Comments and Impact Ratings" for
> January 17, 2000 and the First Quarter
> of the Year 2000, click on "Comments,
> Essays, and Op-Ed Pieces" at
> http://www.gwu.edu/~y2k/keypeople/gordon
>
> For a schedule of events sponsored by the
> GW Y2K Group, see the Announcements page
> at http://www.gwu.edu/~y2k/keypeople/gordon

***********

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------