nanog mailing list archives
Re: DDOS anecdotes
From: "Michael Painter" <tvhawaii () shaka com>
Date: Sat, 23 Jun 2001 13:47:27 -1000
>> The bottom line is that Gibson's an hysteric crank who doesn't know what he's talking about. <<

Thanks to everyone for the links and info.

--Michael

----- Original Message -----
From: "Roland Dobbins" <rdobbins () netmore net>
To: "Paul Vixie" <vixie () mfnx net>
Cc: <nanog () merit edu>
Sent: Saturday, June 23, 2001 12:39 PM
Subject: Re: DDOS anecdotes

I think the idea is to either use a buffer overflow or somesuch (yes, they exist on Windows) to either get the machine to run a .vbs/ActiveX/wsh at the time of penetration, or plant something that will get run when the user does certain things or the machine's rebooted. There are several tools which can do spoofing on NT/2000 using the Win32 version of libpcap, and there are tools for Win9x into which the coders wrote their own functions. A five-minute search on google.com will reveal them.

The bottom line is that Gibson's an hysteric crank who doesn't know what he's talking about. Yes, providers and customers need to secure their boxes/do egress filtering/implement CAR and/or WFQ and/or SPD and/or TurboACLs wherever possible; yes, users need to know how to get hold of their providers' NOCs/support staff -ahead of time-; yes, they need to look at Cisco 7600-type and/or 6500/MSFC2/Sup2s to process ACLs wherever possible; no, none of this is new.

He hadn't secured his routers in the least, and betrays a stunning ignorance of how the Internet in general and IP specifically works. Then he gets on his soapbox about it and proclaims that he, and only he, knows how to save the Internet. There're plenty of things to bash Microsoft over, both generally and in regards to XP in general - but the fact that they implemented a standard socket interface in XP isn't one of them.

Do realize that in the last year or so, Gibson claimed to've invented 'stealth' scanning a la nmap. He also published some crazy method for supposedly optimizing ZIP drives which has the effect of destroying your ZIP cartridges. I personally think he's unhinged, and a huckster to boot.

His latest folly is to automagically post logs of what he says are the IPs of machines launching DoS attacks against his site, and urge users to contact Bill Gates and blame Microsoft for it. Needless to say, most of the machines on the list seem to supposedly be routers or switches of one stripe or another, and/or *NIX boxes. My guess is that the vast majority of those IPs are spoofed. He also urges service providers to take action against the supposed offenders.

Although I hate Microsoft with a passion, I hope that they sue him for slander - I'd love to see these two FUD-spreaders go after one another. Hell, I'd be willing to serve for free as an 'expert witness' for the purpose of taking him apart in court.

Gibson's an idiot. Ignore him.

Paul Vixie wrote:

I'm having a hard time understanding this. Wouldn't it be easier/simpler for these crackers to just install their bots on, oh say, 20 million machines running XP than the crackers having to deal with installing the bot -and- the code to do the spoofing on Win95/98/98SE/98ME?

Doesn't matter. Either way it's an automated script-kiddie tool. No way either approach works if it requires manual keystrokes by the attacker.

--
------------------------------------------------------------
Roland Dobbins <rdobbins () netmore net> // 408.859.4137 voice