DDOS anecdotes

Michael Painter tvhawaii at shaka.com
Sat Jun 23 23:47:27 UTC 2001


>>The bottom line is that Gibson's an hysteric crank who doesn't know what
he's talking about.<<

Thanks to everyone for the links and info.

--Michael


----- Original Message -----
From: "Roland Dobbins" <rdobbins at netmore.net>
To: "Paul Vixie" <vixie at mfnx.net>
Cc: <nanog at merit.edu>
Sent: Saturday, June 23, 2001 12:39 PM
Subject: Re: DDOS anecdotes


>
> I think the idea is to either use a buffer overflow or somesuch (yes,
> they exist on Windows) to either get the machine to run a
> .vbs/ActiveX/wsh at the time of penetration, or plant something that
> will get run when the user does certain things or the machine's
> rebooted.  There are several tools which can do spoofing on NT/2000
> using the Win32 version of libpcap, and there are tools for Win9x into
> which the coders wrote their own functions.
>
> A five-minute search on google.com will reveal them.
>
> The bottom line is that Gibson's an hysteric crank who doesn't know what
> he's talking about.  Yes, providers and customers need to secure their
> boxes/do egress filtering/implement CAR and/or WFQ and/or SPD and/or
> TurboACLs wherever possible; yes, users need to know how to get hold of
> their providers' NOCs/support staff -ahead of time-; yes, they need to
> look at Cisco 7600-type and/or 6500/MSFC2/Sup2s to process ACLs wherever
> possible; no, none of this is new.
>
> He hadn't secured his routers in the least, and betrays a stunning
> ignorance of how the Internet in general and IP specifically works.
> Then he gets on his soapbox about it and proclaims that he, and only he,
> knows how to save the Internet.
>
> There're plenty of things to bash Microsoft over, both generally and in
> regards to XP in general - but the fact that they implemented a standard
> socket interface in XP isn't one of them.
>
> Do realize that in the last year or so, Gibson claimed to've invented
> 'stealth' scanning a la nmap.  He also published some crazy method for
> supposedly optimizing ZIP drives which has the effect of destroying your
> ZIP cartridges.  I personally think he's unhinged, and a huckster to boot.
>
> His latest folly is to automagically post logs of what he says are the
> IPs of machines launching DoS attacks against his site, and urge users
> to contact Bill Gates and blame Microsoft for it.  Needless to say,
> most of the machines on the list seem to supposedly be routers or
> switches of one stripe or another, and/or *NIX boxes.  My guess is that
> the vast majority of those IPs are spoofed.  He also urges service
> providers to take action against the supposed offenders.
>
> Although I hate Microsoft with a passion, I hope that they sue him for
> slander - I'd love to see these two FUD-spreaders go after one another.
> Hell, I'd be willing to serve for free as an 'expert witness' for the
> purpose of taking him apart in court.
>
> Gibson's an idiot.  Ignore him.
>
>
> Paul Vixie wrote:
> >
> > > I'm having a hard time understanding this.  Wouldn't it be
> > > easier/simpler for these crackers to just install their bots on, oh
> > > say, 20 million machines running XP than the crackers having to deal
> > > with installing the bot -and- the code to do the spoofing on
> > > Win95/98/98SE/98ME?
> >
> > Doesn't matter.  Either way it's an automated script-kiddie tool.  No way
> > either approach works if it requires manual keystrokes by the attacker.
>
> --
> ------------------------------------------------------------
> Roland Dobbins <rdobbins at netmore.net> // 408.859.4137 voice
>




More information about the NANOG mailing list