Vulnerability Development mailing list archives

Re: Denials of Service Attacks


From: intrusion () ENGINEER COM (J. Oquendo)
Date: Thu, 20 Jul 2000 18:56:23 -0400



My only real comment is against the recent trend of releasing 'broken'
exploits, as being against the spirit of "full disclosure."  I would
hasten to say that a large number of people using published 'cracker'
tools are professionals, as opposed to script kids.


I beg to differ on a non-flamish note...

This wasn't a release of any specific program so I figured I would post it in hopes people would toss around ideas and 
get back to me and post relevant information on the subject.


Most of us are pretty busy, too.  While the error intentionally
introduced may be a small one, it frequently interferes with the flow of work - i.e., testing the tool on your OWN 
hardware in order to develop defenses against similar attacks.


Some of the ideas thrown on the document can be used by router administrators, network administrators, and firewall 
administrators to avoid having to post on the incidents list since "if" tested, most admins could get an idea of 
checksums or related networking information (packet sniffers) and re-post on the subjects. So it'd definitely be a 
"Test on Your Own hardware" scenario.

Again things were left out for the time being while I re-word and re-code some of the issues I've found and hope to 
publish.


While I appreciate the sentiment in trying to limit malicious use... the argument for full disclosure is about the same 
argument against gun control, here in the US... The bad guys won't be deterred, and will still get their hands on 
powerful weapons.  Also, "who can debug some c code" isn't exactly a good litmus test, to determine who is 
'responsible' enough to get their hands on working tools.  Plenty of great network guys aren't c coders, and plenty of 
malicious kids are.


Correct me if I'm wrong but this is a security related list and I sent this in hopes that what you call network guys 
would have enough sense to understand what I was trying to convey. Aside from the codes the actual Theories in DoS text 
file is filled with networking information which you might have seen if you would have looked.


While I haven't yet looked at your code (for all I know, you just
commented out a critical line or something), I wanted to address this issue from a more... philosophical approach, in 
an attempt to head off this disturbing trend that I think doesn't jive with the purpose of a full-disclosure list.


<note="reread2x">
Actually I left out a slew of options on packet information for the sake of avoiding being as hated as TFreak must've 
been when he released Smurf.
</note>

<snicker>
When I'm 100% comfortable with other findings and have found a way to address more issues then I'll post to Bugtraq as 
opposed to the Vuln-Dev list since after all I may have forgotten this was for developmental issues...
</snicker>

J. Oquendo // sil () antioffline com
