Re: Counter DoS

2004-03-15 Thread Rachael Treu
Leaving directed-bcast open would accomplish this on these devices, as well as many others. A bigger problem here is that these irresponsible network polyps would offer an icmp-independent amplifier. They essentially open smurf amplification to any other protocol. Whereas a network might clob

Re: Counter DoS

2004-03-14 Thread Stephen J. Wilcox
On Sun, 14 Mar 2004, Petri Helenius wrote: > With the amount of clue present, it's unlikely that the upstream bandwidth in > US or most of Europe will grow substantially over the next five years. Heh, that's the kind of quote that comes back to haunt you 5 years down the line :) Steve

Re: Counter DoS

2004-03-14 Thread Petri Helenius
Joel Jaeggli wrote: When pricing structures and deployment of broadband in the US approaches that of Korea and Japan, I think you'll find that that isn't the case in the US anymore. If you have two items, travelling at different speeds and the one ahead goes faster, they never approach ea

Re: Counter DoS

2004-03-13 Thread Petri Helenius
Sam Stickland wrote: Out of interest, do the people see much in the way of DDOS attacks from Japan? All that bandwidth and quite a sizable population (130 million) - but maybe the latency to US and European targets constrains it? Most attacks are unidirectional so the latency does not matter. P

Re: Counter DoS

2004-03-13 Thread Sam Stickland
Joel Jaeggli wrote: > On Thu, 11 Mar 2004, Petri Helenius wrote: > >> >> Gregory Taylor wrote: >> >>> >>> Oh yes, lets not forget the fact that if enough sites have this >>> 'firewall' and one of them gets attacked by other sites using this >>> firewall it'll create a nuclear fission sized chain r

Re: Counter DoS

2004-03-12 Thread Joel Jaeggli
On Thu, 11 Mar 2004, Petri Helenius wrote: > > Gregory Taylor wrote: > > > > > Oh yes, let's not forget the fact that if enough sites have this > > 'firewall' and one of them gets attacked by other sites using this > > firewall it'll create a nuclear fission sized chain reaction of > > loopin

Re: Counter DoS

2004-03-12 Thread Stephen J. Wilcox
> Fortunately people with less clue usually have less bandwidth. Obviously > there are exceptions. I would expect to see localized tragedies if > something like this would get deployed but predicting death of the > internet is clueless. Hmm that's little comfort if you're sharing your cable modem

Re: New Solution: (was: Re: Counter DoS)

2004-03-11 Thread James
the thing is though, by allowing any /32's... what prevents /all/ customers from abusing it by curiosity of what would happen? :) the fact that you are allowing any /32's (up to 100 or whatever max prefix lim. you set) is like giving a can of worms to your

Re: New Solution: (was: Re: Counter DoS)

2004-03-11 Thread Barney Wolff
On Thu, Mar 11, 2004 at 05:17:35PM -0500, Deepak Jain wrote: > > Just like the blackhole community routes, certain /32's (only, nothing > shorter) can be exported from the customer to the backbone to be > blackholed at the edges. The twist, is that instead of limiting the > customer announcemen

Re: Counter DoS

2004-03-11 Thread E.B. Dreger
VA> Date: Thu, 11 Mar 2004 08:12:04 -0500 VA> From: Vinny Abello VA> Plus imagine an attack originates behind one of these devices VA> for some reason attacking another device. It'll just create a VA> massive loop. :) That would be interesting. I wonder if it pays attention to the "evil bit"? ;

Re: Counter DoS

2004-03-11 Thread Eric Kuhnke
Get involved with your local high schools. Sponsor user groups at the high school. Offer to teach some mini courses. The teenage crowd needs our help learning best practices and ethics. The hacking problem is multi-faceted, of course, and this is just one facet of a partial solution, but still

RE: Counter DoS

2004-03-11 Thread Priscilla Oppenheimer
riginal Message- From: Etaoin Shrdlu [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 14:58 To: Nanog Subject: Re: Counter DoS "Pendergrass, Greg" wrote: > > I can see now that it's only a matter of time before some nut writes "The > Art of War in the Internet".

Re: Counter DoS

2004-03-11 Thread Brian Bruns
On Thursday, March 11, 2004 6:16 PM [EST], william(at)elan.net <[EMAIL PROTECTED]> wrote: >> >> Which RBL operators flood /24's or /16's? What do they flood them >> with? > > I think he meant that RBLs sometimes include entire /24 in RBL list when > only one or two ips are at fault and some woul

Re: Counter DoS

2004-03-11 Thread Laurence F. Sheldon, Jr.
william(at)elan.net wrote: On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote: Petri Helenius wrote: Maybe there is a lesson to be learned from many RBL operators. To make sure, just send packets to the whole /24 or /16 you got an "attack" packet from. Which RBL operators flood /24's or /16'

New Solution: (was: Re: Counter DoS)

2004-03-11 Thread Deepak Jain
Here is a solution I would like to propose -- it is not as set-and-forget as network operators like, but we do know that some of our customers have a lot of expertise with this stuff, and taking advantage of that value helps. This is along the categories of collateral damage, scorched earth a

Re: Counter DoS

2004-03-11 Thread william(at)elan.net
On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote: > Petri Helenius wrote: > > > Maybe there is a lesson to be learned from many RBL operators. To make > > sure, just send packets to the whole /24 or /16 you got an "attack" > > packet from. > > Which RBL operators flood /24's or /16's? What

Re: Counter DoS

2004-03-11 Thread Laurence F. Sheldon, Jr.
Petri Helenius wrote: Maybe there is a lesson to be learned from many RBL operators. To make sure, just send packets to the whole /24 or /16 you got an "attack" packet from. Which RBL operators flood /24's or /16's? What do they flood them with? -- Requiescas in pace o email

Re: Counter DoS

2004-03-11 Thread Petri Helenius
Deepak Jain wrote: If you wanted to do that, wouldn't the firewall just need directed-broadcast left open or emulate similar behavior, or even turning ip unreachables back on? Flooding pipes accidentally is easy enough. Now people are selling products to do it deliberately. Maybe there is a

Re: Counter DoS

2004-03-11 Thread Gregory Taylor
e: -Original Message- From: Gregory Taylor [mailto:[EMAIL PROTECTED] Sent: Thursday, March 11, 2004 3:55 PM To: Rachael Treu Cc: [EMAIL PROTECTED] Subject: Re: Counter DoS Yes, let's allow the kiddies who already get away with as little work as they can in order to produce the most de

Re: Counter DoS

2004-03-11 Thread Rachael Treu
On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of: > > If you wanted to do that, wouldn't the firewall just need > directed-broadcast left open or emulate similar behavior, or even > turning ip unreachables back on? Exactly my point in using the word "amplif

Re: Counter DoS

2004-03-11 Thread Deepak Jain
If you wanted to do that, wouldn't the firewall just need directed-broadcast left open or emulate similar behavior, or even turning ip unreachables back on? Flooding pipes accidentally is easy enough. Now people are selling products to do it deliberately. Yeesh. I saw a license plate this w

RE: Counter DoS

2004-03-11 Thread Drew Weaver
-Original Message- From: Gregory Taylor [mailto:[EMAIL PROTECTED] Sent: Thursday, March 11, 2004 3:55 PM To: Rachael Treu Cc: [EMAIL PROTECTED] Subject: Re: Counter DoS Yes, let's allow the kiddies who already get away with as little work as they can in order to produce the most

Re: Counter DoS

2004-03-11 Thread Gregory Taylor
Yes, let's allow the kiddies who already get away with as little work as they can in order to produce the most destruction they can, the ability to use these 'Security Systems' as a new tool for DoS attacks against their enemies. Scenario: Let's say my name is: l33th4x0r I want to attack joe

Re: Counter DoS

2004-03-11 Thread Rachael Treu
On Thu, Mar 11, 2004 at 03:21:29AM -0500, Brian Bruns said something to the effect of: > > On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns <[EMAIL PROTECTED]> > wrote: ..snip snip.. > > How the hell could a company put something like this out, and expect not to > > get themselves sued to t

Re: Counter DoS

2004-03-11 Thread Rachael Treu
On Thu, Mar 11, 2004 at 03:21:29AM -0500, Brian Bruns said something to the effect of: > > On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns <[EMAIL PROTECTED]> > wrote: ..snip snip.. > > How the hell could a company put something like this out, and expect not to > > get themselves sued to t

Re: Counter DoS

2004-03-11 Thread Rachael Treu
Two words (well...one hyphenated-reference): spoofed-source bah, --ra -- k. rachael treu, CISSP [EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. On Wed, Mar 10, 2004 at 11:50:56PM -0800, Gregory Taylor said something to the effect of: > > Oh yes, let's not forget the fact that if

Re: Counter DoS

2004-03-11 Thread Rachael Treu
Mmm. A firewall that lands you immediately in hot water with your ISP and possibly in a courtroom, yourself. Hot. Legality aside... I don't imagine it would be too hard to filter these retaliatory packets, either. I expect that this would be more wad-blowing than cataclysm after the initial t

Re: Counter DoS

2004-03-11 Thread Laurence F. Sheldon, Jr.
Eric Gauthier wrote: Most Universities have a large clueless.. um, I mean, student population sitting on 10 or 100 meg switched ports and several hundred meg's to the Internet You mis-spelled "faculty, researcher, and staff populations". Today's students (as well as non-trivial portions of t

Re: Counter DoS

2004-03-11 Thread Eric Gauthier
> > Fortunately people with less clue usually have less bandwidth. > > Don't be so sure that people with no clue don't have bandwidth, large > companies with enormous resources sometimes end up with really clueless > people at the top and similarly clueless network techs. Most Universities

RE: Counter DoS

2004-03-11 Thread Pendergrass, Greg
a is bound to fail but also likely be a major irritation before it does. GP -Original Message- From: Etaoin Shrdlu [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 14:58 To: Nanog Subject: Re: Counter DoS "Pendergrass, Greg" wrote: > > I can see now that it's only a matte

Re: Counter DoS

2004-03-11 Thread Etaoin Shrdlu
"Pendergrass, Greg" wrote: > > I can see now that it's only a matter of time before some nut writes "The > Art of War in the Internet". I read the whitepaper, it goes on a lot about > how defensive policies are ineffective but doesn't really say why active > response has never been tried: Ask, a

Re: Counter DoS

2004-03-11 Thread Valdis . Kletnieks
On Thu, 11 Mar 2004 03:21:29 EST, Brian Bruns <[EMAIL PROTECTED]> said: > So, and who thinks that this is a good idea? :) What's the going rate per megabyte for transit traffic? :)

Re: Counter DoS

2004-03-11 Thread Daniel Karrenberg
On 10.03 20:55, Steven M. Bellovin wrote: > > The phrase "seriously bad idea" comes to mind. Other phrases include > "illegal", "collateral damage", and "stupid". Those plus "escalation of aggression" and "uncontrollable feedback loop". Daniel Karrenberg PS: I will spare you the re-run of a r

Re: Counter DoS

2004-03-11 Thread william(at)elan.net
On Thu, 11 Mar 2004, Petri Helenius wrote: > Gregory Taylor wrote: > > Oh yes, let's not forget the fact that if enough sites have this > > 'firewall' and one of them gets attacked by other sites using this > > firewall it'll create a nuclear fission sized chain reaction of > > looping Denial o

Re: Counter DoS

2004-03-11 Thread Petri Helenius
Gregory Taylor wrote: Oh yes, let's not forget the fact that if enough sites have this 'firewall' and one of them gets attacked by other sites using this firewall it'll create a nuclear fission sized chain reaction of looping Denial of Service Attacks that would probably bring most major backbo

Re: Counter DoS

2004-03-11 Thread Vinny Abello
At 02:25 AM 3/11/2004, Gregory Taylor wrote: After reading that article, if this product really is capable of 'counter striking DDoS attacks', my assumption is that it will fire packets back at the nodes attacking it. Doing such an attack would be neither feasible nor legal. You would only

RE: Counter DoS

2004-03-11 Thread Michael . Dillon
>I wonder, are they planning to launch these DDoS attacks from >compromised hosts belonging to unwitting accomplices like the >bad guys do? Could they be the people behind NetSky? We know now that Bagle and MyDoom come from spammer gangs but I haven't heard if anyone has identified a motive behin

RE: Counter DoS

2004-03-11 Thread Pendergrass, Greg
GP -Original Message- From: Joshua Brady [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 01:27 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Counter DoS http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm Comments? Vodafone Global Content Services Lim

Re: Counter DoS

2004-03-11 Thread Hank Nussbacher
At 09:43 AM 11-03-04 +, Brandon Butterworth wrote: > The Symbiot whitepaper on their service describes a process with a > little more imagination Like hooking it up to DARPA Grand Challenge winners? http://abcnews.go.com/sections/SciTech/WorldNewsTonight/robot_race_darpa_040310-1.html They re

Re: Counter DoS

2004-03-11 Thread Brandon Butterworth
> The Symbiot whitepaper on their service describes a process with a > little more imagination Like hooking it up to DARPA Grand Challenge winners? http://abcnews.go.com/sections/SciTech/WorldNewsTonight/robot_race_darpa_040310-1.html > I applaud the idea of a outsourced department that will ma

Re: Counter DoS

2004-03-11 Thread Sean Donelan
On Thu, 11 Mar 2004, Baldwin, James wrote: > I applaud the idea of a outsourced department that will manage the > denial of service, and "hordes of script kiddie" (nod to Ranum) problems > that plague modern networks. Anything that keeps me from being > distracted from more interesting lines of th

Re: Counter DoS

2004-03-11 Thread Baldwin, James
http://www.symbiot.com/media/iwROE.pdf The Symbiot whitepaper on their service describes a process with a little more imagination and use than simply flooding attacking nodes with packets. It describes a process which appears to require human intervention through an Operations Center to aid in tr

Re: Counter DoS

2004-03-11 Thread Gregory Taylor
My mom likes the idea, she thinks it'll help her get her hotmail faster. (shrugs) Brian Bruns wrote: On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns <[EMAIL PROTECTED]> wrote: Sounds like efnet channel wars on a much more interesting scale. Like I've said in previous posts - do we rea

Re: Counter DoS

2004-03-11 Thread Brian Bruns
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns <[EMAIL PROTECTED]> wrote: > > Sounds like efnet channel wars on a much more interesting scale. > > Like I've said in previous posts - do we really want these people having > tools like this? Doesn't this make them the equivalent of 'script

Re: Counter DoS

2004-03-11 Thread Brian Bruns
On Thursday, March 11, 2004 2:43 AM [EST], Jay Hennigan <[EMAIL PROTECTED]> wrote: > > On the other hand, they could become immensely popular, reaching the > critical mass when one of them detects what is interpreted as an attack > from a network protected by another. Grab the popcorn and watch

Re: Counter DoS

2004-03-10 Thread Gregory Taylor
Oh yes, let's not forget the fact that if enough sites have this 'firewall' and one of them gets attacked by other sites using this firewall it'll create a nuclear fission sized chain reaction of looping Denial of Service Attacks that would probably bring most major backbone providers to their k

Re: Counter DoS

2004-03-10 Thread Jay Hennigan
On Wed, 10 Mar 2004, Gregory Taylor wrote: > After reading that article, if this product really is capable of > 'counter striking DDoS attacks', my assumption is that it will fire > packets back at the nodes attacking it. Doing such an attack would > be neither feasible nor legal. You would

Re: Counter DoS

2004-03-10 Thread Gregory Taylor
After reading that article, if this product really is capable of 'counter striking DDoS attacks', my assumption is that it will fire packets back at the nodes attacking it. Doing such an attack would be neither feasible nor legal. You would only double the effect that the initial attack ca

Re: Counter DoS

2004-03-10 Thread Gregory Taylor
I remember the sidewinder. They had a huge marketing campaign aimed at convincing the customer that their firewalls were impenetrable. Their firewalls didn't sell all that well, and those that did sell, proved to be a colossal failure. I still have a deck of 'sidewinder' playing cards from C

Re: Counter DoS

2004-03-10 Thread Sean Donelan
On Wed, 10 Mar 2004, Steven M. Bellovin wrote: > In message <[EMAIL PROTECTED]>, "Joshua Brady" writes: > > > >http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm > > > >Comments? > > The phrase "seriously bad idea" comes to mind. Other phrases include > "illegal", "collateral da

RE: Counter DoS

2004-03-10 Thread Christopher L. Morrow
On Wed, 10 Mar 2004, Mark Borchers wrote: > > > The company said it bases its theory on the military doctrine of > > "necessity and proportionality", which means the response to > > an attack is > > proportionate to the attack's ferocity. According to the > > company, a response could range from

RE: Counter DoS

2004-03-10 Thread Mark Borchers
> The company said it bases its theory on the military doctrine of > "necessity and proportionality", which means the response to > an attack is > proportionate to the attack's ferocity. According to the > company, a response could range from "profiling and > blacklisting upstream providers"

Re: Counter DoS

2004-03-10 Thread Travis Dawson
I actually thought that this was some kind of April Fools day joke a few weeks early. Anyone who buys this should be shot on principle... Wait... First I have a bridge to sell them. At 05:55 PM 3/10/2004, Steven M. Bellovin wrote: In message <[EMAIL PROTECTED]>, "Joshua Brady" writes: > >http://

Re: Counter DoS

2004-03-10 Thread william(at)elan.net
On Wed, 10 Mar 2004, Joshua Brady wrote: > > http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm > Comments? This is not really a comment about this article. But I really think it would have been better if people don't just put the link and then say "comments" but actually p

Re: Counter DoS

2004-03-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Joshua Brady" writes: > >http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm > >Comments? The phrase "seriously bad idea" comes to mind. Other phrases include "illegal", "collateral damage", and "stupid". --Steve Bellovin, http

Counter DoS

2004-03-10 Thread Joshua Brady
http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm Comments?