Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Compromised Hosts?

  • From: Richard A Steenbergen
  • Date: Mon Mar 22 13:21:48 2004

On Mon, Mar 22, 2004 at 10:53:29AM -0600, Ejay Hire wrote:
> 
> We get a lot of automated complaints.  A human reads all of
> them, and acts on some of them.  I'm particularly fond of the
> dozen-a-week "Source quench" attack emails we get, where Joe
> Guy's IDS identifies the single source quench packet from a
> DSL CPE as malicious.  Perhaps next time we should give our
> ICMP control messages friendlier names.  :)

If anyone had imagined a million Windows twits with
BlackICE and enough free time to e-mail every alias
they could find sending in complaints (along with
threats to report you to the FBI, CIA, and DHS, as
well as sue you, your router vendor, and your dog)  
every time your evil webserver hacked them by
responding to their port 80 connection when the ICMP
spec was written, they would have named them ICMP NOT
ECHO AN REPLY ATTACK etc. Perhaps if more people were 
RFC3514 compliant... :)

Bottom line, it is remarkably difficult to take action 
based on random internet complaints. If there is a 
well known authoritative source for DoS tracking who 
wants to publish a list to ISPs, fine, but don't 
expect the same reaction to random joe blow 
complainer.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)



