North American Network Operators Group

Re: DDOS anecdotes

  • From: Michael Painter
  • Date: Sat Jun 23 17:47:19 2001

Daniel

>>Obviously, a general spoofing tool for Win95 could be written.
After reading that part of the tirade, I came to the same conclusion as a
previous poster... lots of FUD, and not much more.<<

I'm having a hard time understanding this.  Wouldn't it be easier/simpler for
these crackers to just install their bots on, oh say, 20 million machines running
XP than the crackers having to deal with installing the bot -and- the code to do
the spoofing on Win95/98/98SE/98ME?

Michael Painter


----- Original Message -----
From: "Daniel Senie" <[email protected]>
To: "Tim Wilde" <[email protected]>
Cc: <[email protected]>
Sent: Saturday, June 23, 2001 9:13 AM
Subject: RE: DDOS anecdotes


>
> At 02:37 PM 6/23/01, Tim Wilde wrote:
>
> > > This is a real problem. It's not FUD. Microsoft's choice to include full
> > > IP stack capabilities will make the problem worse, but I do not blame
> > > their IP stack for this like Mr Gibson does though.
> >
> >Oh, it's most certainly a real problem, but I don't agree that the changes
> >in Win XP will really make any difference whatsoever.  With some very
> >trivial driver additions, raw sockets can be accessed under any previous
> >version of Windows, just like in XP.
>
>
> Indeed, there have been LAN analyzers which run on all variants of Windows
> for a very long time. These can generate / play back traffic, using
> whatever source IP addresses and MAC addresses were on the original
> packets. Obviously, a general spoofing tool for Win95 could be written.
> After reading that part of the tirade, I came to the same conclusion as a
> previous poster... lots of FUD, and not much more.
>
> It's been 5 years since the document now published as RFC 2827 was first a
> draft. Many sites do ingress or egress filtering. Many don't. Most router
> equipment can now handle it, according to the manufacturers. Yes, there are
> issues dealing with multi-homing. However, it appears many attacks still
> originate from single-homed sites, dialup sites, cable modem attached
> systems, and the like. In most cases, these could be filtered. Has anyone
> at any of the cable modem vendors made any attempts to try ingress
> filtering in the cable system head-end routers? Did it work? Need help
> trying it out? While ingress filtering will not cure the world, it can help
> de-fang many attacks. Unfortunately, it requires cooperation to be effective.
>
> -----------------------------------------------------------------
> Daniel Senie                                        [email protected]
> Amaranth Networks Inc.                    http://www.amaranth.com
>
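
The ingress filtering discussed in the quoted message (RFC 2827) comes down to an edge check: forward a packet only if its source address falls inside a prefix assigned to the interface it arrived on. The following is an added example, not part of the original thread; the interface names, prefixes (RFC 5737 documentation ranges) and packet sample are constructed, and the last sample packet shows the multi-homing issue the message mentions.

```python
from ipaddress import ip_address, ip_network

# Constructed data: prefixes the provider has assigned to each
# customer-facing interface (hypothetical interface names).
ASSIGNED = {
    "cable-headend-1": [ip_network("192.0.2.0/25")],
    "dialup-pool-1": [ip_network("198.51.100.0/24")],
    # Multi-homed customer: also holds 203.0.113.0/24 from a second
    # provider, which this edge only accepts if it is listed here.
    "multihomed-cust": [ip_network("192.0.2.128/25")],
}

def permit(interface, src):
    """True if src lies inside a prefix assigned to the arrival interface."""
    addr = ip_address(src)
    return any(addr in net for net in ASSIGNED.get(interface, []))

def filter_packets(packets):
    """Split (interface, source) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for iface, src in packets:
        (forwarded if permit(iface, src) else dropped).append((iface, src))
    return forwarded, dropped

# Constructed traffic sample.
SAMPLE = [
    ("cable-headend-1", "192.0.2.17"),    # subscriber's own address
    ("cable-headend-1", "10.9.8.7"),      # forged source, outside the prefix
    ("dialup-pool-1", "198.51.100.200"),  # dialup user's own address
    ("dialup-pool-1", "192.0.2.17"),      # another customer's address, forged
    ("multihomed-cust", "203.0.113.5"),   # valid, but from the other provider's block
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE)
    for iface, src in fwd:
        print(f"forward {src:<16} on {iface}")
    for iface, src in drop:
        print(f"drop    {src:<16} on {iface}")
    # Listing the second provider's prefix resolves the multi-homed case.
    ASSIGNED["multihomed-cust"].append(ip_network("203.0.113.0/24"))
    print("after exception:", permit("multihomed-cust", "203.0.113.5"))
```

The single-homed cable and dialup interfaces need no exceptions, which is why the message singles them out as the easy cases to filter.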