Re: NTP DRDos Blog post

2014-02-20 Thread Niels Bakker

* st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:

I'd love to hear any feedback about the post.


Don't invent new terms like DrDos.


-- Niels.



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:14 PM, Niels Bakker niels=na...@bakker.net wrote:

 Don't invent new terms like DrDos.

+1

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Brian Rak

That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of 
Service.

http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack

On 2/20/2014 11:14 AM, Niels Bakker wrote:

* st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:

I'd love to hear any feedback about the post.


Don't invent new terms like DrDos.


-- Niels.






Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:23 PM, Brian Rak b...@gameservers.com wrote:

 That's not a new term.

It isn't used by folks involved in operational security.  It's a marketing term.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Jon Lewis

On Thu, 20 Feb 2014, Brian Rak wrote:


That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of 
Service.

http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack


Or Digital Research Disk Operating System...if you're old enough.
Who knew DRDOS would become popular [again]?

--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: NTP DRDos Blog post

2014-02-20 Thread deleskie


Re: NTP DRDos Blog post

2014-02-20 Thread Jared Mauch

On Feb 20, 2014, at 11:34 AM, Dobbins, Roland rdobb...@arbor.net wrote:

 
 On Feb 20, 2014, at 11:23 PM, Brian Rak b...@gameservers.com wrote:
 
 That's not a new term.
 
 It isn't used by folks involved in operational security.  It's a marketing 
 term.
 

I'll split the difference, folks in operational security dislike the term as they feel it's inaccurate.  They tend to think it's marketing vs operational related.

Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new term.  It's the same problem folks have with absolute terms like Unlimited Data with the asterisk.

Can I direct the knife-fights about that part off-list? :)  (and preferably exclude me, I get enough email).

- jared


RE: NTP DRDos Blog post

2014-02-20 Thread antoine.meillet
Yes, it was also used here 
https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212

But still, it's just a DDoS.

-Original Message-
From: Brian Rak [mailto:b...@gameservers.com] 
Sent: Thursday, 20 February 2014 17:24
To: nanog@nanog.org
Subject: Re: NTP DRDos Blog post

That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of Service.
http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack

On 2/20/2014 11:14 AM, Niels Bakker wrote:
 * st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:
 I'd love to hear any feedback about the post.

 Don't invent new terms like DrDos.


 -- Niels.








Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:29 PM, antoine.meil...@orange.com 
antoine.meil...@orange.com wrote:

 Yes, it was also used here 
 https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212

That's still meaningless.  The term of art is 'reflection/amplification 
attack', as in 'ntp reflection/amplification attack' or 'DNS 
reflection/amplification attack'.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Jay Ashworth
- Original Message -
 From: Roland Dobbins rdobb...@arbor.net

 On Feb 20, 2014, at 11:14 PM, Niels Bakker niels=na...@bakker.net
 wrote:
 
  Don't invent new terms like DrDos.
 
 +1

What?  Digital Research's MS-DOS clone is attacking things?

Cheers,
-- jr ':-)' a
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274



Re: NTP DRDos Blog post

2014-02-20 Thread John

On 2/20/2014 9:17 AM, Jared Mauch wrote:

I'll split the difference, folks in operational security dislike the term as they feel it's inaccurate.  They tend to think it's marketing vs operational related.

Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new term.  It's the same problem folks have with absolute terms like Unlimited Data with the asterisk.

Can I direct the knife-fights about that part off-list? :)  (and preferably exclude me, I get enough email).


This is not a new term (certainly 12yo) and one that I see as useful, 
just as it is useful to differentiate between a DoS and a DDoS. That 
extra D tells you that it's distributed. Add an R and now it's 
reflected -- an important difference.


If it's seen as being recently co-opted and misused by marketing people, 
then that's a shame. But its practicality trumps that in my eyes. And I 
am definitely on the operational security side here.


I do generally prefer X reflection/amplification attack, as Roland 
suggested, as it is more specific.


-John



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 21, 2014, at 2:37 AM, John j...@nuclearfallout.net wrote:

 This is not a new term (certainly 12yo) 

Actually, it's much more recent than that (in this context; as others have 
mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone).

But I'm going to stop posting about this, now, as Jared suggested.  

;

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread John

On 2/20/2014 11:43 AM, Dobbins, Roland wrote:

Actually, it's much more recent than that (in this context; as others have 
mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone).


I didn't just pluck that 12y term out of the air.

I know how much Gibson is hated in some circles, but he used it in 2002: 
http://homes.cs.washington.edu/~arvind/cs425/doc/drdos.pdf. I read that 
in 2002, did other research about it in 2002, saw reflected attacks in 2002.


Yes, I used DRDOS, too.

-John



Re: NTP DRDos Blog post

2014-02-20 Thread Dan Shoop

On Feb 20, 2014, at 11:43 AM, Jon Lewis jle...@lewis.org wrote:

 On Thu, 20 Feb 2014, Brian Rak wrote:
 
 That's not a new term.
 
 http://en.wikipedia.org/wiki/DRDOS
 DRDoS, a type of network attack named Distributed Reflection Denial of 
 Service.
 http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack
 
 Or Digital Research Disk Operating System...if you're old enough.
 Who knew DRDOS would become popular [again]?

I had wondered what the problem was, older than age, with anyone trying to run 
DRDOS. It should fit in the memory and cpu footprint of a modern toaster. 

-d 

-

Dan Shoop
sh...@iwiring.net
1-646-402-5293 (GoogleVoice)







Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 21, 2014, at 2:51 AM, John j...@nuclearfallout.net wrote:

 I know how much Gibson is hated in some circles,

He isn't/wasn't part of the operational community.  

It sure looks like you're right, he coined it then - as a marketing term, for 
marketing himself, heh.  Maybe that's one of the reasons it's so disliked.

;

 I read that in 2002, did other research about it in 2002, saw reflected 
 attacks in 2002.

I saw reflected/amplified attacks in 2002, too, and that's what I called them.  
So did everyone else I worked with to mitigate them, heh.

And I'm really going to shut up about this, now.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Mr. James W. Laferriere

Hello Harlan ,

On Wed, 19 Feb 2014, Harlan Stenn wrote:

Folks,
I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .

wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
--2014-02-20 15:03:13-- 
http://nwtime.org/ntp-winter-2013-network-drdos-attacks/

Resolving nwtime.org (nwtime.org)... 140.211.15.245
Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: Connection 
refused.


	I get the same type message from 3 different systems that I have access 
from  three different browsers .  Did the url change or get locked down ?

Tia ,  JimL


In general we've never allowed comments to blog posts on that site;
we're currently discussing if we should allow them for this post.
I'd love to hear any feedback about the post.
Thanks...


--
+--+
| James   W.   Laferriere | SystemTechniques | Give me VMS |
| NetworkSystem Engineer | 3237 Holden Road |  Give me Linux  |
| bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
+--+



Re: NTP DRDos Blog post

2014-02-20 Thread Jared Mauch
I was seeing database connect errors earlier. I suspect the host resources are 
limited. 

Jared Mauch

 On Feb 20, 2014, at 7:05 PM, Mr. James W. Laferriere 
 bab...@baby-dragons.com wrote:
 
Hello Harlan ,
 
 On Wed, 19 Feb 2014, Harlan Stenn wrote:
 Folks,
 I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .
wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
 --2014-02-20 15:03:13-- 
 http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
 Resolving nwtime.org (nwtime.org)... 140.211.15.245
 Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: 
 Connection refused.
 
I get the same type message from 3 different systems that I have access 
 from  three different browsers .  Did the url change or get locked down ?
Tia ,  JimL
 
 In general we've never allowed comments to blog posts on that site;
 we're currently discussing if we should allow them for this post.
 I'd love to hear any feedback about the post.
 Thanks...
 
 -- 
 +--+
 | James   W.   Laferriere | SystemTechniques | Give me VMS |
 | NetworkSystem Engineer | 3237 Holden Road |  Give me Linux  |
 | bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
 +--+



Re: NTP DRDos Blog post

2014-02-20 Thread David Miller


On 2/20/2014 7:05 PM, Mr. James W. Laferriere wrote:
 Hello Harlan ,
 
 On Wed, 19 Feb 2014, Harlan Stenn wrote:
 Folks,
 I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .
 wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
 --2014-02-20 15:03:13--
 http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
 Resolving nwtime.org (nwtime.org)... 140.211.15.245
 Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed:
 Connection refused.
 
 I get the same type message from 3 different systems that I have
 access from  three different browsers .  Did the url change or get
 locked down ?
 Tia ,  JimL

I can't get to any part of the nwtime.org web site.

Google has a cached copy of the article.

Search for site:nwtime.org ntp drdos attacks

-DMM

 
 In general we've never allowed comments to blog posts on that site;
 we're currently discussing if we should allow them for this post.
 I'd love to hear any feedback about the post.
 Thanks...
 



