Since this discussion is degenerating into argumentative speculation on both
our parts, I move we let it die, with the following conclusions:

It remains to be seen if XP REALLY will be the bane of the internet;

Internet security is EVERYONE's responsibility;

Install security cameras and shatterproof glass if you want to catch the
rock-throwers.


Rich Cloutier
SYSTEM SUPPORT SERVICES
www.sysupport.com


----- Original Message -----
From: "Derek Martin" <[EMAIL PROTECTED]>
To: "Rich Cloutier" <[EMAIL PROTECTED]>
Cc: "gnhlug" <[EMAIL PROTECTED]>
Sent: Sunday, July 08, 2001 7:50 PM
Subject: Re: grc.com Ddos analysis


> On Sun, Jul 08, 2001 at 01:54:52PM -0000, Rich Cloutier wrote:
>
> >> It is the sheer number of zombies, and their distribution, which
> >> make the attack so effective.  Spoofing the source address would
> >> only set off ingress/egress filters at ISPs all along the way.
> >
> > ONLY if the spoofed address were something wild, from outside the
> > network domain. If only the last one or two octets, for example,
> > were randomly changed for each packet or group of packets sent out,
> > they would NOT trigger the filters, because the spoofed address
> > would still be a legitimate address within the network.
>
> Not necessarily.  In fact, if the particular IP chosen were not in use
> at the compromised host's site, then THEIR OWN FIREWALL might filter
> the packets.  I have to agree with Ben here... if you want to ensure
> success, you don't want to spoof your addresses.
>
> > Further, the attack would appear to come from a much larger
> > population of computers within the ISP's network, most of which are
> > really not compromised. This would frustrate any investigation by
> > leading to countless dead-ends.
>
> Again, not necessarily.  If they're doing sufficient logging on their
> network devices, they might be able to trace the MAC address.
>
> > > > That's comforting--knowing that the reason we are not targeted more than
> > > > we are is simply because there are bigger (stupider) fish out there.
> > >
> > >   Bingo.  This has been a fundamental of the auto security world for years:
> > > Car alarms don't make your car impossible to steal.  They just make it easier
> > > to steal the car parked next to you.
> > >
> >
> > So we need more tools for the internet like Lo-Jack, to find these malicious
> > hackers script kiddies and take them off the 'net for good.
>
> Again, assuming they're in your jurisdiction.  I'd venture a guess
> that the majority of them aren't.  So good luck.  This is precisely
> what makes these attacks so problematical.  The victim really has NO
> recourse.  And unless your attacker has done a large amount of
> quantifiable damage, there's very little penalty, even if you do catch
> them.  Much as if they'd thrown a rock through your window.  Because
> in effect, in most cases, that's about what they've done.
>
>
> --
> ---------------------------------------------------
> Derek Martin          |   Unix/Linux geek
> [EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu
>
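The filtering argument in the quoted exchange (a spoofed source that stays inside the site's own prefix passes a plain prefix-based egress filter, but a stricter filter or per-device logging can still expose it) as an added example, not code from either poster. The prefix, assigned-address table, MAC addresses and packet records are constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source MAC, source IP) pairs as a site's edge router
# might log them. Prefix, assigned addresses and MACs are assumptions.
SITE_PREFIX = ipaddress.ip_network("192.0.2.0/24")
ASSIGNED = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}
SAMPLE_PACKETS = [
    ("00:11:22:33:44:10", "192.0.2.10"),    # normal host
    ("00:11:22:33:44:11", "192.0.2.11"),    # normal host
    ("00:11:22:33:44:12", "192.0.2.12"),    # compromised host, own address
    ("00:11:22:33:44:12", "192.0.2.77"),    # same host, last octet spoofed
    ("00:11:22:33:44:12", "192.0.2.200"),   # same host, last octet spoofed
    ("00:11:22:33:44:12", "198.51.100.5"),  # same host, address outside prefix
]


def prefix_only_filter(src_ip):
    """Plain prefix-based egress filter: pass anything inside our prefix.
    This is the filter an intra-prefix spoof slips through."""
    return ipaddress.ip_address(src_ip) in SITE_PREFIX


def strict_filter(src_ip):
    """Egress filter that also requires the source to be an assigned address,
    the 'their own firewall might filter the packets' case."""
    return prefix_only_filter(src_ip) and src_ip in ASSIGNED


def count_passed(packets, policy):
    """Number of packets a given egress policy would let out."""
    return sum(1 for _, ip in packets if policy(ip))


def macs_with_many_sources(packets, threshold=2):
    """Flag MACs seen with more than `threshold` distinct source IPs: one
    device emitting many source addresses is the trace the logging gives."""
    seen = defaultdict(set)
    for mac, ip in packets:
        seen[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > threshold}


if __name__ == "__main__":
    print("prefix-only filter passes:", count_passed(SAMPLE_PACKETS, prefix_only_filter))
    print("strict filter passes:     ", count_passed(SAMPLE_PACKETS, strict_filter))
    print("suspicious MACs:", macs_with_many_sources(SAMPLE_PACKETS))
```

The prefix-only policy lets the two intra-prefix spoofs through while the strict one drops them, and the per-MAC tally names the one device behind all the spoofed sources.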

