Re: Who Are These Jerks, Anyway?

[Johnathan Meehan <jmeehan () EASYNET CO UK>]

Hi William,

You raised a few interesting points in your previous mail. I would like to
add to a couple with my own, if I may.

* 2600, "The Hacker Quarterly", can in no way act disgusted by these attacks
and hold insult for being linked to them. When I was a teenager, sitting
around with an all powerul 96 modem (speed!) the magazine was a good read.
Informative, and fun. Now however, it panders to nothing more than the
scr1p7 k1d33. Disseminating information is one thing - tell me how to
propogate an attack in rough technical terms, and I would be able to work it
out, probably learning a lot on the way. It is doubtful that I would take
the attack beyond my own network and my friends, though. However, 2600 is
guilty of providing source code directly and/or direct links in several
cases. This is not passing the information under the ideal of "free speech".
This is passing the gun to a teenage idiot with a seriously bad attitude.
Thanks, I got that one of my chest - it's been bugging me for a while now!
:-)

> Here's another difficult problem: DoS attacks use innocent computers
> to do the attacking.

* Innocent is in one way correct, William, but in another I think not. DoS
attacks are older than my cleanest pair of socks, and this particular type
is not new. The information pertaining to it, and ensuring that your system
is not amongst those compromised is freely and easily available. Steps
should have been taken by now to ensure that your machine is not one of
those used. Whether it be a home box or not - people need to act in a
responsible way. You would lock your guns in a cabinet, rahter than leave
them outside on the window ledge, wouldn't you? What I'm saying is that
security is only as good as the next weak machine, and we should not
tolerate weak machines.

I was discussing on the FreeBSD mailing list with a chap recently these
things, after Yahoo! was had. The best way would be to have machines removed
from the backbone - how is that done? The only other option we could come up
with was along your lines. Perhaps, we thought, we could start a list
dedicated to nothing more than recording the IP addresses of machines used
to propogate such attacks. Provide some tools to automate things as much as
possible, and sysadmin now has a list of IP addresses that they can drop at
the border. We then mail the blocked sites to let them know what is
happening. In this way we could take some responsibility that the people who
should be taking it don't seem to want - we could reduce site of the playing
field for the morons out there. OK, so the problem doesn't go away, but it
is a step in the right direction, don't you think?

> But in the meantime, this is a perfect example of the difficulty of
> putting a powerful tool in the hands of the people: Some people are
> jerks.

Couldn't have put it any better!

Regards,

Johnathan Meehan

"A jug of wine,
A leg of lamb
And thou!
Beside me,
Whistling in
the darkness."

"Be Ye Not Lost Among Precepts of Order..."
- The Book of Uterus 1;5

ISN is sponsored by Security-Focus.COM