Firewall Wizards mailing list archives

RE: Blitzkrieg Server -- For Real?!


From: Catherine Francis <cfrancis () intrusion com>
Date: Mon, 11 May 1998 10:35:21 -0400

This article has been the source of a certain amount of speculation and 
amusement here.  The general feeling, as summed up by one of our 
developers:

to be honest, it reads like the drivel that New Agers spout about their 
version of Gaia: lots of anthropomorphisms, veiled allusions to some 
gestalt formed by the intensive interaction of distributed sub-entities, 
and all that.

Personally, I believe not a single word.

What I will believe they have is a traffic monitor, sifting through 
conversations and matching patterns. Three days' advance warning? Hogwash. 
What they probably got was the slow start of the attack -- it was just the 
well-known land2, by the way -- so the filters were in place when the main 
attack came. CIA claims it's dangerous? If it were they would quietly study 
it (besides, the NSA would be a more likely agency to get involved), not 
spout militaristic drivel.

It was amusing to read that the "Blitzkrieg virtual machine" is "subsuming 
and taking over" NT. I cannot conceive of any situation where this 
statement might be true, unless "Blitzkrieg" is a human or machine 
intelligence ... and they most emphatically don't have a sentient being 
locked up in an NT box.

Also, check out the buzzword quotient: lots of martial background music, a 
high incidence of vague-but-nice-sounding words, and the whole thing reads 
as if the shop spouting it was the last defense of the Free United States 
against the Communist Onslaught or the Yellow Peril.

Finally, a minor item which totally and absolutely discredits the entire 
load of bull crap: The land2 attack they refer to was done using spoofed 
source IP addresses. Unless _every_ router from the attacker keeps a 
complete traffic log, _including_ the port/line from which a particular 
packet was received, it is not possible to trace such a spoof back after 
the fact. (It is extremely hard to do _while_ it is happening; compare to 
an old-style phone trace, looking at relays and calling the next exchange 
up the line.) For MAE-West alone, such a log would be around one gigabyte 
*per*second*! Of course, the product could have "invaded, reintegrated and 
subsumed" the entire routing chain upstream towards the attacker to locate 
the source -- which would mean that Blitzkrieg is, on the fly, able to 
generate and upload replacement OSes for a myriad of special-purpose 
processors in a myriad of configs from Cisco, Bay Networks, and so on. 
(Note -- Cisco products require a command from a privileged console before 
even thinking about loading a new OS file.) And all that without disturbing 
normal operations or alerting the NOC duty engineers to the fact that their 
routers were taken over ...

To summarize: A sales spiel or an outright hoax.


Catherine Francis
Research & Development Coordinator
(212) 348-8900
cfrancis () intrusion com
------------------------------------
Intrusion Detection, Inc.
A Security Dynamics Company
Makers of the Kane Security Analyst and Kane Security Monitor,
tools to ensure the overall security of your network


----------
From:   arager () McGraw-Hill com[SMTP:arager () McGraw-Hill com]
Reply To:       arager () McGraw-Hill com
Sent:   Wednesday, May 06, 1998 6:59 PM
To:     firewall-wizards () nfr net
Subject:        Blitzkrieg Server -- For Real?!


     Hello Wizards,

     Came across these links on CNN and the May98 issue of Signal Magazine.

     see:
     http://www.us.net/signal/CurrentIssue/May98/make-may.html

     or the vendor's site

     http://www.fvg.com/


     Article describes new technology developed by a Quantum Physics
     theorist. It's called the Blitzkrieg Server, and seems to be a highly
     advanced AI engine and counter-attack engine for network security.
     The counter-attack supposedly virally infects the entire network that a 
     hacker originates from.....somehow.  Seems to have sparked some
     interest from the CIA and such.


     Anyone else heard of this? Seems like pure hype based on fiction to
     me....Is this pure marketing smoke, or is there some sort of unreal
     counter-attack technology bundled into this product?


     Anton Rager
     arager () McGraw-Hill com




