Vulnerability Development mailing list archives

[no subject]


From: sp00n <sp00n () APOLLO GTI NET>
Date: Thu, 20 Jul 2000 21:44:41 -0400

J. Oquendo writes:
<note="reread2x">
Actually I left out a slew of options on packet information for the sake
of avoiding being as hated as >>TFreak must've been when he released
Smurf.
</note>

****not trying to flame here, just encourage*****
**** need food and drink so my thoughts might be a little disorganized****

        Why would anyone hate TFreak? Why not be mad at the people that
used it? Or the vendor? Or the admin who leaves his net open? All TFreak
did was take a known bug (it says in ping.c by [I am paraphrasing
here] "pinging the broadcast address you can generate a lot of traffic" and
the ping code is circa 1983-4). It's like being pissed someone broke in
your house because you had no locks, knowing full well there are burglars
in the world (and being mad at the guy who invented the crowbar). I mean
people should have had ingress filtering way before smurfing saw the light
of day, a lot of people got caught with their pants down.

        And the vendors? Why would your OS respond to a ping addressed to
a broadcast, it is such a little used (I've never had a legit need for
it, others might) feature that if you need it, you know enough about it to
figure out where to turn it on.  It's like who needs echo and chargen? And
if you do need it you know where to turn it on, as well as the risks it
carries. I think getting pissed at TFreak is silly and illogical, the bug
existed prior to him. It was well known before him, he just made the skill
level required to launch an attack like that very low.

The fix was relatively simple too..............

        Three years later you can still launch the same type of DoS. Who's
to blame now? And what good is finger pointing, it doesn't solve the
problem. Talking about problems in the open gets them resolved (sometimes
;) So I think you should talk about your protocol bugs. Hell, the whole
point of these mail lists, etc... it's to talk about them.... You minimize
your exposure, make your network and programs robust. By doing that you
increase the skill level required to attack your net or program, beyond
the script kiddie level. And to do this, bugs and exploits and potential
ones need to be talked about. I don't know a lot of things that others may
know and vice versa.
        
        That is why certain .org's, vendors as well as the users are
ineffective.  When you say OS XYZ has a remote root hole in it, and that's
it and give some bandaid of a fix or a convoluted explanation how good
does that do anyone? You have to talk about it all not only to educate the
user, but sometimes to force them to become more technical. This stuff
ain't always easy or straightforward, nor is the answer or the solution. A
lot of times people want an easy fix.. sometimes that fix makes things
worse or you are where you started from. If you talked about the bug and
fix in the open people review it.

        So the uneducated users get mad at people for discussing bugs, not
realizing sometimes that is the only way to get everyone to take notice.
You can't keep secrets forever.


Matt

