nanog mailing list archives

Re: Info on the DoS attacks.


From: Joe Shaw <jshaw () insync net>
Date: Wed, 9 Feb 2000 23:43:00 -0600 (CST)



On 9 Feb 2000, Sean Donelan wrote:

> But at NANOG I spoke with several people I thought would know, who didn't.
> I didn't talk to any GlobalCenter folks because I couldn't find any.  They
> disappeared on Monday.  But I did speak with several security people with
> other providers, and they hadn't heard any confirmed technical details.  Just
> speculation about what had happened.  In particular, everyone was wondering
> what made the attack so hard to detect as a DoS.

I don't get the impression that the attacks are hard to detect from what
I've heard.  What I have heard is that it's been hard to get people to
react and do so in a timely and proper manner.

> Ok, I know, I don't work at an ISP anymore, so I'm not a member of the club.
> I think several departments at WorldCom are under orders not to speak to me.
> But instead I found the security folks at other providers were happy to talk
> about it, but didn't know any more than me.  This worries me.

I'd be worried if they didn't have theories or know about the known DDoS
attacks, but not if they didn't have specifics.  Tier1 NSPs seem to be
very tight-lipped about these sorts of things when they are the
victim.  I'm sure there are GC employees on this list, but none have come
forward to give any details.  Could be a gag order, which wouldn't shock
me at all.  Hopefully we'll know something eventually, but for now we're
all mushrooms when it comes to official information.

--
Joseph W. Shaw - jshaw () insync net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."



