Firewall Wizards mailing list archives

RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply

From: Mark.Teicher () predictive com
Date: Thu, 13 Apr 2000 08:54:47 -0400

Andrew,

A familiar poster, I have always been under the impression "If you plan 
your network carefully" it will withstand the test of time.  Most 
sysadmins do not have the luxury of constructing a network correctly due 
to mitigating factors as "It had to be done yesterday, so we didn't have 
the time"  "We'll fix it later"  or "If ain't broke, don't fix it"  A 
majority of the networks that I have contributed in constructing have been 
up for some time and has not suffered one minute of down time as the fate 
of other companies have.  If you read the right books and have the right 
amount of "CLUE" or "CLUE" factor, it is fairly simple to construct a 
secure, simple network infrastructure that can scale and expand as the 
organization grows.

Carelessness and lack of forethought in my mind contributed heavily to the 
recent outages.  Networks should be designed to handle huge amount of data 
 when they are scaled and implemented properly.  Prototype, Prototype, 
Stress Test, Stress Test, talk to Marcus's cats.  I am sure they have a 
couple of stories they can tell you about the networks they consulted on.. 
 :) 

/mark




"Andrew J. Luca" <andrewluca () mediaone net>
04/13/00 05:13 AM
Please respond to ajl

 
        To:     <Mark.Teicher () predictive com>, "'Carson, Joe'" <JCarson () smartronix com>
        cc:     <firewall-wizards () nfr net>
        Subject:        RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS Attacks 
(fwd)


        Uh, I disagree with your statement, Mark.  Part of the reason that 
DOS is
so easy is that you can always just pump data into a network.  While I 
agree
that it might not have been so easy to turn unsuspecting companies into
malicious players in the attack, you still could have pulled in other
resources to accomplish the same thing.

Drew

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of
Mark.Teicher () predictive com
Sent: Tuesday, April 11, 2000 9:08 AM
To: Carson, Joe
Cc: firewall-wizards () nfr net
Subject: RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping
DOS Attacks (fwd)


If networks were constructed properly and security was addressed at the
time of that the initial design was considered, DDOS would not have been
widespread as it was.

/m




"Carson, Joe" <JCarson () smartronix com>
Sent by: owner-firewall-wizards () lists nfr net
03/30/00 01:28 PM
Please respond to "Carson, Joe"


        To:     "'Andy Bach'" <root () wiwb uscourts gov>,
firewall-wizards () nfr net
        cc:
        Subject:        RE: [fw-wiz] SANS Flash: Urgent Request For Help 
In
Stopping DOS Attacks
(fwd)


Andy,

  SANS put a lot of effort into this instruction, and it was reviewed by
several thousand network security engineers prior to publishing it.  I was
one of the reviewers, and found the instruction covers the same techniques
that I and many in this field already use.  They wont solve world hunger,
but they do what they are supposed to do.

Joe

W. Joseph Carson,CCNA,CCDA
Chief Technical Officer
Smartronix Inc.
703-630-4422


-----Original Message-----
From: Andy Bach [mailto:root () wiwb uscourts gov]
Sent: Wednesday, March 29, 2000 11:59 AM
To: firewall-wizards () nfr net
Subject: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS
Attacks (fwd)


Hey,

SANS is requesting Internet-wide assistance w/ stopping DOS attack by
reconfiguring routers.  Anybody looked at the instructions/info and seen
if it would work?
http://www.sans.org/dosstep/index.htm

Andy Bach, sys mgr
andy () wiwb uscourts gov

---------- Forwarded message ----------
From: The SANS Institute <sans () sans org>
[snip]

The simple steps can be found at the SANS website at the URL
http://www.sans.org/dosstep/index.htm and will keep your site
from contributing to the DOS threat.  Tools will soon be
publicly posted to determine which organizations have and have
not protected their users and which ones have systems that
still can be used as a threat to the rest of the community.

More than 100 organizations in the SANS community have tested
the guidelines, which were drafted by Mark Krause of UUNET with
help from security experts at most of the other major ISPs and
at the MITRE organization. The testing has improved them
enormously. (A huge thank-you goes to the people who did the
testing.)
[snip]
Alan Paller
Director of Research
SANS Director of Research
sansro () sans org
301-951-0102

Current thread:

Re: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Paul D. Robertson (Apr 04)
- <Possible follow-ups>
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Mark . Teicher (Apr 13)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Andrew J. Luca (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Rick Smith (Apr 18)
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Mark . Teicher (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Andrew J. Luca (Apr 20)
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Mark . Teicher (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks Rick Smith (Apr 18)