Full Disclosure mailing list archives
Re: Stereotyping DoS and Don'ts
From: "J. Oquendo" <sil () infiltrated net>
Date: Wed, 04 Apr 2007 09:35:29 -0400
neal.krawetz () mac hush com wrote:

I infer you're under the impression that this may be some form of de-facto profiling of DoS kiddiots. But ask yourself, how hard would it be to take any of the given information you disclosed for an attacker in say America to be punctual in his attacks so that they may now mimic your mentioned Western European or Chinese attackers.

> * The USA and Canada are stereotypical in that they are not
> extreme in any single dimension. An attack may not start precisely
> at 1:00, but it will be "around 1:00", it may not be homogeneous,
> but it will be close. And it may change as needed rather than
> exhaust one attack method. Americans are also more solitary. You
> won't see a hundred American hackers working in unison on the same
> target as you would in China or Brazil.

Assumptions. Back in the mid to late 90's American script kiddiot groups were known for throwing their tags all over webpages. Groups ranged in size and judging by some of the IRC channels and forums of those times, some of these channels and groups were rather large. If you take a look at say Electronic Disturbance Theater, the numbers could have exceeded your best guesses, they were coordinated on a worldwide scale and they were on time. Regardless of the fact that they may have been American or Chinese.

> * The recent DoS against the root level DNS servers started
> exactly on the hour. At intervals of 1 hour, there were changes to
> the attack method. Both the Western Europe and China match this
> kind of attack: precisely timed, planned, homogeneous, and
> exhaustive.

It's nice to assume but I could spend a day poking holes in your theory.

> * Similar to Blue Frog, the Smurf attacks from Mafiaboy were not
> precisely timed, but were exhaustive, showed short-term planning,
> and were independent attacks. Mafiaboy was Canadian.

What you think you "may know" based on media accounts just might be wrong. For those on the greyhat scene in tune to what was going down at the time, most will know mafiaboy wasn't the sole culprit albeit he took the brunt of it all. I won't get into more than that.

> Stereotyping and profiling is commonly criticized for its
> inaccuracy.

"Assumptions" should be criticized for providing vague information however, it's a nice idea but filled with too many holes. While your idea sounds interesting, you're missing many of the essential FACTS to quantify the whole case on building "Who is DoS'ing Your Servers" movement. So to help you a bit more... Here are some profiles to add:

Swedish attackers: They will ponder if they want to actually partake in the DoS. They'll sit back and think whether it is a fair war to get into, or whether they should sit back and let others attack as to not involve themselves in that war.

Spaniards: They'll plan to attack at 1PM their time but the attack won't begin until 4PM as an attack will end up interfering with their siesta. A Spaniard will never attack during siesta time.

Irish attackers. Although they'll meticulously plan the attack, due to the fact they sidestepped into a pub, by the time the attack is set to start, they'll likely be too drunk to initiate it.

Nigerian attackers. They'll plan out a massive DoS attack but sidestep it in order to offer their victims a wire transfer of $10,000,000,000.00 from their deceased uncle Jimbobzinunu.

On a serious note, I find it a bit strange that many who haven't been on "the scene" for quite some time point out modified histories of what occurred. Perhaps it's time for a tell all book to be written about the so called hacker/cracker scene from the mid nineties through now.

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/