North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: DDOS anecdotes
- From: Michael Painter
- Date: Sat Jun 23 19:55:24 2001
>>The bottom line is that Gibson's an hysteric crank who doesn't know what
he's talking about.<<
Thanks to everyone for the links and info.
----- Original Message -----
From: "Roland Dobbins" <email@example.com>
To: "Paul Vixie" <firstname.lastname@example.org>
Sent: Saturday, June 23, 2001 12:39 PM
Subject: Re: DDOS anecdotes
> I think the idea is to either use a buffer overflow or somesuch (yes,
> they exist on Windows) to either get the machine to run a
> at the time of penetration, or plant something that will get run when
> the user does certain things or the machine's rebooted. There are
> several tools
> which can do spoofing on NT/2000 using the Win32 version of libpcap, and
> are tools for Win9x into which the coders wrote their own functions.
> A five-minute search on google.com will reveal them.
> The bottom line is that Gibson's an hysteric crank who doesn't know what
> talking about. Yes, providers and customers need to secure their
> boxes/do egress
> filtering/implement CAR and/or WFQ and/or SPD and/or TurboACLs wherever
> possible; yes, users need to know how to get hold of their providers'
> NOCs/support staff -ahead of time-; yes, they need to look at Cisco
> and/or 6500/MSFC2/Sup2s to process ACLs wherever possible; no, none of
> this is new.
> He hadn't secured his routers in the least, and betrays a stunning
> of how the Internet in general and IP specifically works. Then he
> gets on his soapbox about it and proclaims that he, and only he, knows
> how to save the Internet.
> There're plenty of things to bash Microsoft over, both generally and in
> regards to XP in general - but the fact that they implemented a standard
> socket interface in XP isn't one of them.
> Do realize that in the last year or so, Gibson claimed to've invented
> scanning a la nmap. He also published some crazy method for supposedly
> optimizing ZIP drives which has the effect of destroying your ZIP
> cartridges. I personally think he's unhinged, and a huckster to boot.
> His latest folly is to automagically post logs of what he says are the
> IPs of machines launching DoS attacks against his site, and urge users
> to contact Bill Gates and blame Microsoft for it. Needless to say,
> most of the machines on the list seem to supposedly be routers or
> of one stripe or another, and/or *NIX boxes. My guess is that the vast
> majority of those IPs are spoofed. He also urges service providers to
> take action against the supposed offenders.
> Although I hate Microsoft with a passion, I hope that they sue him for
> slander - I'd love to see these two FUD-spreaders go after one another.
> Hell, I'd be willing to serve for free as an 'expert witness' for the
> of taking him apart in court.
> Gibson's an idiot. Ignore him.
> Paul Vixie wrote:
> > > I'm having a hard time understanding this. Wouldn't it be easier/simpler
> > > these crackers to just install their bots on, oh say, 20 million machines
> > > running XP than the crackers having to deal with installing the bot -and-
> > > the code to do the spoofing on Win95/98/98SE/98ME?
> > Doesn't matter. Either way it's an automated script-kiddie tool. No way
> > either approach works if it requires manual keystrokes by the attacker.
> Roland Dobbins <email@example.com> // 408.859.4137 voice