FC: Report from UC Santa Barbara on denial of service attack

[Declan McCullagh <declan () well com>]

[This is from a politech subscriber from UCSB. I have removed their name 
and email address, per their request. --DBM]



Hey Declan--

Something on the DoS.

--Student annoyed by *dumb* "and what is a network?"
reporters at UCSB

+++++++++++

News footage released on CNN and other news programs
regarding this week's denial of service (DoS) assault
on major Internet Web sites presents the hack at UC
Santa Barbara incorrectly.

All footage displayed shows the open access computer
lab terminals available for enrolled student usage,
which were not used to launch the "zombie" program
used in the attack.  The reporters who questioned
attendants in the labs and report statements issued by
the lab staff are regurgitating statements made by
people who have no connection with the UCSB terminal
used.  Rather ironic, no?

It makes a little bit of sense to do *some* research
on which departments administrate which networks
before going to press with statements made by annoyed
students in the middle of midterms who didn't
appreciate being put on camera.  As far as I know, the
only person quoted who has anything actually to do
with the attack is Kevin Schmidt, the Engineering
network administrator who is already working with the
FBI and making limited statements anyway.

Rumor has it that the actual terminal used in the
sloppy hacking job was most likely in the research
network in the UCSB Chemical Engineering department.
While there are numerous "open doors" in the computer
labs, the Chemical Engineering research network would
be the easiest to to launch a DoS from.  The
Engineering department terminals have faster
processors and more ram than any open access lab on
campus.  It is my understanding that the Chemical
Engineering has fewer access control measures in place
than the Materials or Electrical Engineering networks,
because the Chem network is designed to be the most
collaborative out of the three engineering
departments, meaning open access and sharing.  Even
with access control, the more ways a computer is
available, the easier it is to crack.

Despite the alarms raised by an FBI probe, there is
really no need to put any real security measures on a
network of this nature.  Most home PC users probably
have better equipment than what is in the Chem
Engineering department and are far easier to crack.


--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------