Re: TCP Resource Exhaustion Attacks

[RB <aoz.syn () gmail com>]

> They have probably added enough flourishes and implementation details
> to their attack that they consider their attack to be original and
> unique.

I find there to be two classes of researchers: those that present and
those that discover, and seldom do the two interesect.  Unless my
alethiometer is completely incorrect (which it may well be), those
several of the prior class I've met and discussed any of their work
with are not much more than moderately good social engineers with more
words than skills.  It is usually trivial to exceed their technical
depth in minutes if not moments.

> an amazing coincidence that when we've seen this sort of thing lately,
> the only safe (and "responsible") time to release the details always
> happens to be exactly when the researchers are giving their big
> presentations.

Why not?  They _need_ that $1500/head to afford the hookers & blow for
the next month of partying before they dredge up the same old tired
presentations (get rich or die trying the blackhat way, anyone?) and
spew them before another sold-out crowd of credulous, hero-worshipping
managers.


RB

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org