Vulnerability Development mailing list archives

Re: Online Games Consoles and Security Implications


From: Valdis.Kletnieks () vt edu
Date: Tue, 21 May 2002 21:55:00 -0400

On Tue, 21 May 2002 08:50:57 EDT, Elan Hasson <elan () daryl org>  said:

> The xbox is VERY secure, read the docs on Network Security in the SDK.

Color me dubious, if you're basing that statement on the docs.  If you're
citing "and Big Name XYZ wasn't able to break it either", then I'll be a
*bit* more inclined to agree.

Remember that Allchin testified under oath last week that many of those
APIs had to remain undocumented for "national security" - presumably
because if hackers knew the API was there, they could rape, pillage, and
burn even worse than they are now.

Now, admittedly, the fact that IE is (hopefully) not in the XBox version
of Embedded XP improves matters significantly.

> MS even has a bit in there about Denial Of Service..and how the xbox can
> handle it and not affect game performance.

However, I won't buy the "handle it and not affect game performance" at
face value until tested by others.  I mean, let's THINK for a moment -
do they just mean "non-network game performance"?  If you're on a cable
modem playing a game that wants 100kbits/sec of data, and you get hosed
down by a DoS attack that drops your effective throughput to 5kbits,
you WILL BE HOSED, no matter what the docs say.

Unless Microsoft has some ultra-sneaky ultra-nifty QoS hooks in its
TCP/IP stack that interface into the routers at the upstream end of your
connection so you don't get packets you didn't want?  Of course, if such
hooks did exist, somebody should clue in the Cisco and Juniper users over
on the NANOG mailing list - one guy at a Tier-1 provider was estimating
that 10-15% of *all* the traffic was DDOS-related.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
