Re: NTP DRDos Blog post

2014-02-20 Thread David Miller


On 2/20/2014 7:05 PM, Mr. James W. Laferriere wrote:
> Hello Harlen ,
> 
> On Wed, 19 Feb 2014, Harlan Stenn wrote:
>> Folks,
>> I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .
> wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
> --2014-02-20 15:03:13--
> http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
> Resolving nwtime.org (nwtime.org)... 140.211.15.245
> Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed:
> Connection refused.
> 
> I get the same type message from 3 differant sytems that I have
> access from & three differant browsers .  Did the url change or get
> locked down ?
> Tia ,  JimL

I can't get to any part of the nwtime.org web site.

Google has a cached copy of the article.

Search for "site:nwtime.org ntp drdos attacks"

-DMM

> 
>> In general we've never allowed comments to blog posts on that site;
>> we're currently discussing if we should allow them for this post.
>> I'd love to hear any feedback about the post.
>> Thanks...
> 




signature.asc
Description: OpenPGP digital signature


Re: NTP DRDos Blog post

2014-02-20 Thread Jared Mauch
I was seeing database connect errors earlier. I suspect the host resources are 
limited. 

Jared Mauch

> On Feb 20, 2014, at 7:05 PM, "Mr. James W. Laferriere" 
>  wrote:
> 
>Hello Harlen ,
> 
>> On Wed, 19 Feb 2014, Harlan Stenn wrote:
>> Folks,
>> I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .
>wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
> --2014-02-20 15:03:13-- 
> http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
> Resolving nwtime.org (nwtime.org)... 140.211.15.245
> Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: 
> Connection refused.
> 
>I get the same type message from 3 differant sytems that I have access 
> from & three differant browsers .  Did the url change or get locked down ?
>Tia ,  JimL
> 
>> In general we've never allowed comments to blog posts on that site;
>> we're currently discussing if we should allow them for this post.
>> I'd love to hear any feedback about the post.
>> Thanks...
> 
> -- 
> +--+
> | James   W.   Laferriere | SystemTechniques | Give me VMS |
> | Network&System Engineer | 3237 Holden Road |  Give me Linux  |
> | bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
> +--+



Re: NTP DRDos Blog post

2014-02-20 Thread Mr. James W. Laferriere

Hello Harlen ,

On Wed, 19 Feb 2014, Harlan Stenn wrote:

Folks,
I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .

wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/
--2014-02-20 15:03:13-- 
http://nwtime.org/ntp-winter-2013-network-drdos-attacks/

Resolving nwtime.org (nwtime.org)... 140.211.15.245
Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: Connection 
refused.


	I get the same type message from 3 differant sytems that I have access 
from & three differant browsers .  Did the url change or get locked down ?

Tia ,  JimL


In general we've never allowed comments to blog posts on that site;
we're currently discussing if we should allow them for this post.
I'd love to hear any feedback about the post.
Thanks...


--
+--+
| James   W.   Laferriere | SystemTechniques | Give me VMS |
| Network&System Engineer | 3237 Holden Road |  Give me Linux  |
| bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
+--+



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 21, 2014, at 2:51 AM, John  wrote:

> I know how much Gibson is hated in some circles,

He isn't/wasn't part of the operational community.  

It sure looks like you're right, he coined it then - as a marketing term, for 
marketing himself, heh.  Maybe that's one of the reasons it's so disliked.

;>

> I read that in 2002, did other research about it in 2002, saw reflected 
> attacks in 2002.

I saw reflected/amplified attacks in 2002, too, and that's what I called them.  
So did everyone else I worked with to mitigate them, heh.

And I'm really going to shut up about this, now.

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Dan Shoop

On Feb 20, 2014, at 11:43 AM, Jon Lewis  wrote:

> On Thu, 20 Feb 2014, Brian Rak wrote:
> 
>> That's not a new term.
>> 
>> http://en.wikipedia.org/wiki/DRDOS
>> DRDoS, a type of network attack named Distributed Reflection Denial of 
>> Service.
>> http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack
> 
> Or Digital Research Disk Operating System...if you're old enough.
> Who knew DRDOS would become popular [again]?

I had wondered what the problem was, older than age, with anyone trying to run 
DRDOS. It should fit in the memory and cpu footprint of a modern toaster. 

-d 

-

Dan Shoop
sh...@iwiring.net
1-646-402-5293 (GoogleVoice)







Re: NTP DRDos Blog post

2014-02-20 Thread John

On 2/20/2014 11:43 AM, Dobbins, Roland wrote:

Actually, it's much more recent than that (in this context; as others have 
mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone).


I didn't just pluck that 12y term out of the air.

I know how much Gibson is hated in some circles, but he used it in 2002: 
http://homes.cs.washington.edu/~arvind/cs425/doc/drdos.pdf. I read that 
in 2002, did other research about it in 2002, saw reflected attacks in 2002.


Yes, I used DRDOS, too.

-John



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 21, 2014, at 2:37 AM, John  wrote:

> This is not a new term (certainly >12yo) 

Actually, it's much more recent than that (in this context; as others have 
mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone).

But I'm going to stop posting about this, now, as Jared suggested.  

;>

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread John

On 2/20/2014 9:17 AM, Jared Mauch wrote:

I'll split the difference, folks in operational security dislike the term as 
they
feel it's inaccurate.  They tend to think it's marketing vs operational related.

Reflection attacks are considered a sub-type of DoS/DDoS and do not require a 
new
term.  It's the same problem folks have with absolute terms like "Unlimited 
Data"
with the asterisk.

Can I direct the knife-fights about that part off-list? :)  (and preferably 
exclude me,
i get enough email).


This is not a new term (certainly >12yo) and one that I see as useful, 
just as it is useful to differentiate between a DoS and a DDoS. That 
extra "D" tells you that it's "distributed". Add an "R" and now it's 
"reflected" -- an important difference.


If it's seen as being recently co-opted and misused by marketing people, 
then that's a shame. But its practicality trumps that in my eyes. And I 
am definitely on the operational security side here.


I do generally prefer "X reflection/amplification attack", as Roland 
suggested, as it is more specific.


-John



Re: NTP DRDos Blog post

2014-02-20 Thread Jay Ashworth
- Original Message -
> From: "Roland Dobbins" 

> On Feb 20, 2014, at 11:14 PM, Niels Bakker 
> wrote:
> 
> > Don't invent new terms like DrDos.
> 
> +1

What?  Digital Research's MS-DOS clone is attacking things?

Cheers,
-- jr ':-)' a
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:29 PM,  
 wrote:

> Yes, it was also used here 
> https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212

That's still meaningless.  The term of art is 'reflection/amplification 
attack', as in 'ntp reflection/amplification attack' or 'DNS 
reflection/amplification attack'.

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton




RE: NTP DRDos Blog post

2014-02-20 Thread antoine.meillet
Yes, it was also used here 
https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212

But still, it's just a DDoS.

-Message d'origine-
De : Brian Rak [mailto:b...@gameservers.com] 
Envoyé : jeudi 20 février 2014 17:24
À : nanog@nanog.org
Objet : Re: NTP DRDos Blog post

That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of Service.
http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack

On 2/20/2014 11:14 AM, Niels Bakker wrote:
> * st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:
>> I'd love to hear any feedback about the post.
>
> Don't invent new terms like DrDos.
>
>
> -- Niels.
>



_

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.




Re: NTP DRDos Blog post

2014-02-20 Thread Jared Mauch

On Feb 20, 2014, at 11:34 AM, Dobbins, Roland  wrote:

> 
> On Feb 20, 2014, at 11:23 PM, Brian Rak  wrote:
> 
>> That's not a new term.
> 
> It isn't used by folks involved in operational security.  It's a marketing 
> term.
> 

I'll split the difference, folks in operational security dislike the term as 
they
feel it's inaccurate.  They tend to think it's marketing vs operational related.

Reflection attacks are considered a sub-type of DoS/DDoS and do not require a 
new
term.  It's the same problem folks have with absolute terms like "Unlimited 
Data"
with the asterisk.

Can I direct the knife-fights about that part off-list? :)  (and preferably 
exclude me,
i get enough email).

- jared


Re: NTP DRDos Blog post

2014-02-20 Thread deleskie


Re: NTP DRDos Blog post

2014-02-20 Thread Jon Lewis

On Thu, 20 Feb 2014, Brian Rak wrote:


That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of 
Service.

http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack


Or Digital Research Disk Operating System...if you're old enough.
Who knew DRDOS would become popular [again]?

--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:23 PM, Brian Rak  wrote:

> That's not a new term.

It isn't used by folks involved in operational security.  It's a marketing term.

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Brian Rak

That's not a new term.

http://en.wikipedia.org/wiki/DRDOS
DRDoS, a type of network attack named Distributed Reflection Denial of 
Service.

http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflected_.2F_Spoofed_attack

On 2/20/2014 11:14 AM, Niels Bakker wrote:

* st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:

I'd love to hear any feedback about the post.


Don't invent new terms like DrDos.


-- Niels.






Re: NTP DRDos Blog post

2014-02-20 Thread Dobbins, Roland

On Feb 20, 2014, at 11:14 PM, Niels Bakker  wrote:

> Don't invent new terms like DrDos.

+1

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton




Re: NTP DRDos Blog post

2014-02-20 Thread Niels Bakker

* st...@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:

I'd love to hear any feedback about the post.


Don't invent new terms like DrDos.


-- Niels.



NTP DRDos Blog post

2014-02-19 Thread Harlan Stenn
Folks,

I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .

In general we've never allowed comments to blog posts on that site;
we're currently discussing if we should allow them for this post.

I'd love to hear any feedback about the post.

Thanks...

-- 
Harlan Stenn 
http://networktimefoundation.org  - be a member!