Penetration Testing mailing list archives

Re: rose fragmentation attack


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 10 Jul 2007 11:30:56 -0400 (EDT)




No, it's about resource exhaustion. Now there are various resources that can be exhausted, the first being the width/breadth of the pipe, others being memory, storage space, the tcp/ip stack, etc.

There have been some pretty large sites/companies that have suffered denial of service attacks, some so severe they have been knocked out of business. It's just the nature of the game...



Thanks,

Ron DuFresne


On Mon, 9 Jul 2007, Jay wrote:

I often find it interesting that folks make comments that few if any exist of any item just because they have no
experience or the clients they deal with fail to effectively plan for Disaster Recovery or Business Continuity. There
are thousands of Nodes that are resilient enough to resist different levels of DOS. It may be important to know if it
would take several thousand or several million connections to take them offline. It's about threshold assessment.

After looking at the fine Web Design that sysinfo.com has though I guess I shouldn't be surprised by your
short-sightedness or your DUH.

Nice spinning animated .GIF from the 80's.


Yes, it's been about that long since I put any real work into the site, son.


Jay

----- Original Message -----
From: R. DuFresne [mailto:dufresne () sysinfo com]
To: jay.tomas () infosecguru com
Cc: jnferguson () gmail com,pen-test () securityfocus com,pen-test-return-1078484493 () securityfocus com
Sent: Fri, 6 Jul 2007 16:36:43 -0400 (EDT)
Subject: Re: rose fragmentation attack


On Wed, 27 Jun 2007, Jay wrote:

        [SNIP]


It's better they know they are susceptible to DoS in a penetration test vs. when their site is offline for hours/days
when a botnet comes a knocking.



I don't know, I take that statement as kinda a DUH!  There are few if any
sites that are not susceptible to DoS.  And there are few if any sites
that have a real, full, replicated mirror of their network in place to do
an exact test of their production setup.




Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
