North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DDOS anecdotes
>>The bottom line is that Gibson's an hysteric crank who doesn't know what he's talking about.<< Thanks to everyone for the links and info. --Michael ----- Original Message ----- From: "Roland Dobbins" <[email protected]> To: "Paul Vixie" <[email protected]> Cc: <[email protected]> Sent: Saturday, June 23, 2001 12:39 PM Subject: Re: DDOS anecdotes > > I think the idea is to either use a buffer overflow or somesuch (yes, > they exist on Windows) to either get the machine to run a > .vbs/ActiveX/wsh > at the time of penetration, or plant something that will get run when > the user does certain things or the machine's rebooted. There are > several tools > which can do spoofing on NT/2000 using the Win32 version of libpcap, and > there > are tools for Win9x into which the coders wrote their own functions. > > A five-minute search on google.com will reveal them. > > The bottom line is that Gibson's an hysteric crank who doesn't know what > he's > talking about. Yes, providers and customers need to secure their > boxes/do egress > filtering/implement CAR and/or WFQ and/or SPD and/or TurboACLs wherever > possible; yes, users need to know how to get hold of their providers' > NOCs/support staff -ahead of time-; yes, they need to look at Cisco > 7600-type > and/or 6500/MSFC2/Sup2s to process ACLs wherever possible; no, none of > this is new. > > He hadn't secured his routers in the least, and betrays a stunning > ignorance > of how the Internet in general and IP specifically works. Then he > gets on his soapbox about it and proclaims that he, and only he, knows > how to save the Internet. > > There're plenty of things to bash Microsoft over, both generally and in > regards to XP in general - but the fact that they implemented a standard > socket interface in XP isn't one of them. > > Do realize that in the last year or so, Gibson claimed to've invented > 'stealth' > scanning a la nmap. He also published some crazy method for supposedly > optimizing ZIP drives which has the effect of destroying your ZIP > cartridges. I personally think he's unhinged, and a huckster to boot. > > His latest folly is to automagically post logs of what he says are the > IPs of machines launching DoS attacks against his site, and urge users > to contact Bill Gates and blame Microsoft for it. Needless to say, > most of the machines on the list seem to supposedly be routers or > switches > of one stripe or another, and/or *NIX boxes. My guess is that the vast > majority of those IPs are spoofed. He also urges service providers to > take action against the supposed offenders. > > Although I hate Microsoft with a passion, I hope that they sue him for > slander - I'd love to see these two FUD-spreaders go after one another. > Hell, I'd be willing to serve for free as an 'expert witness' for the > purpose > of taking him apart in court. > > Gibson's an idiot. Ignore him. > > > Paul Vixie wrote: > > > > > I'm having a hard time understanding this. Wouldn't it be easier/simpler for > > > these crackers to just install their bots on, oh say, 20 million machines > > > running XP than the crackers having to deal with installing the bot -and- > > > the code to do the spoofing on Win95/98/98SE/98ME? > > > > Doesn't matter. Either way it's an automated script-kiddie tool. No way > > either approach works if it requires manual keystrokes by the attacker. > > -- > ------------------------------------------------------------ > Roland Dobbins <[email protected]> // 408.859.4137 voice >
|