Vulnerability Development mailing list archives

is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

From: 11a () GMX NET (Bluefish)
Date: Sun, 14 May 2000 03:41:26 +0200


Ehm. In what way did shortcommings of TCP/IP have any specific impact upon
the DDoS attacks? The attack was dependent upon two issues:
  1. ability to fill up the physical bandwith (alas network hardware)
  2. ability to overload local resources (RAM, processor etc)

None of these attacks were directly related to any TCP/IP vulnerability.

Regarding the existing problems in TCP/IP, it simply wasn't designed for
the actuall conditions upon todays internet. Once IPv6 becomes the
main internet protocoll, some problems related to IPv4 will remain only as
a memory. But since huge distributed attacks doesn't rely on bugs to
function, no protocolls will solve that problem.

camp would have us believe that Microsoft is to blame. But who was to blame
for the attacks a few months ago against CNN, Yahoo, etc? The attacker took
advantage of shortcomings of TCP/IP. Ones that can not be corrected without
serious threats to the capabilities of TCP/IP that we all have come to know
and love.


..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

Current thread:

Re: QPOP2.5* exploit ??, (continued)
- - - Re: QPOP2.5* exploit ?? phi-vulndev () EXORSUS NET (May 14)
    - Bubble Boy Virus Spreading Mechanism Andrew Leong (May 15)
    - Re: QPOP2.5* exploit ?? Lluis Mora (May 15)
    - Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
    - xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
    - Re: QPOP2.5* exploit ?? rpc (May 14)
    - Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
    - Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
    - Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
  - is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Jason Legate (May 17)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Maxime Rousseau (May 12)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel P. Zepeda (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Istvan Takacs (May 15)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)