North American Network Operators Group
RE: Yahoo! Lessons Learned
- From: K. Graham
- Date: Tue Feb 08 12:01:21 2000
On 8 Feb 2000, Sean Donelan wrote:
> Date: 8 Feb 2000 03:25:36 -0800
> From: Sean Donelan <email@example.com>
> To: firstname.lastname@example.org
> Subject: Yahoo! Lessons Learned
> As much as I enjoy finding out about Yahoo & GlobalCenter issues by
> reading the newswires, I wonder if there are any lessons we can learn
> from these events. Or was this not big enough to get attention of
> upper management?
> Was there something Yahoo!, GlobalCenter or other providers could
> have done, either individually or in cooperation, to prevent the
One of the emails sent in mentioned that a network they work with or
for was being utilized as an amplifier. Each network that has
gateway routers should ensure that they disallow IP broadcasts.
It was mentioned that this was a co-ordinated attack. That meant a bit
of planning and access to various machines. As to the number of attackers
only Yahoo's internal people may know. Even then it may have only been
one individual with a script that accessed many locations at one time
initiated the commands. There is the ability to do such an attack.
The reality of "stay connected 24/7" at the household level with
high-speed internet makes the possibility of this attack more of
a multi-level victim attack. Home users do not know that they are
leaving the door open to exploitation with simple Windows shares. Savvy
people gain access to the cable and DSL modem users' PCs and then launch
their attacks. Small utilities are put in place to make it easier to
the exploited machines. Thus creating a network of available attack,
harder to track connections.
Education is a tool that can be used to inform customers. If each node on
the Internet takes care of its own doors then there will be less
available launching pads. Thus making it a bit simpler to track an
Who or what will do the education is a question. Who are the
parties if no education is taken or given? To me, the responsibility
question is a nightmare at best.
I just hope Yahoo's unfortunate incident opens some eyes, some lines
of communication and education.
Network Analyst, CCNA
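
The reply's advice that gateway routers disallow IP broadcasts comes down to refusing to forward packets addressed to the broadcast address of an attached subnet. The sketch below is an added example, not part of the original message: it works out which destinations a gateway would have to drop. The subnets and packets are constructed documentation-range values, and treating the all-zeros address as a broadcast is an assumption.

```python
import ipaddress

# Constructed sample: subnets attached to a hypothetical gateway router.
CONNECTED = ["192.0.2.0/24", "198.51.100.64/26", "203.0.113.8/31"]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def broadcast_targets(prefixes):
    """Return {address: subnet} for every address that fans out to a subnet."""
    targets = {}
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen >= 31:
            continue  # /31 links and /32 hosts have no broadcast address
        targets[net.broadcast_address] = net
        # Assumption: also treat the all-zeros address as a broadcast,
        # because some legacy stacks answer it.
        targets[net.network_address] = net
    return targets


def decide(dst, targets):
    """Return ('drop', reason) or ('forward', None) for one destination."""
    ip = ipaddress.ip_address(dst)
    if ip == LIMITED_BROADCAST:
        return ("drop", "limited broadcast")
    if ip in targets:
        return ("drop", f"directed broadcast to {targets[ip]}")
    return ("forward", None)


def audit(packets, prefixes=CONNECTED):
    """Classify constructed (src, dst) pairs; the source is never trusted."""
    targets = broadcast_targets(prefixes)
    return [(src, dst) + decide(dst, targets) for src, dst in packets]


if __name__ == "__main__":
    # Constructed traffic: the source field may be forged, so only dst matters.
    sample = [
        ("203.0.113.200", "192.0.2.255"),    # broadcast of the /24
        ("203.0.113.200", "198.51.100.127"),  # broadcast of the /26
        ("203.0.113.200", "192.0.2.17"),      # ordinary host
        ("203.0.113.200", "203.0.113.9"),     # far end of the /31 link
    ]
    for row in audit(sample):
        print(row)
```

The decision depends only on the destination address, so it still holds when the source address is forged.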