Re: FW: Re: Is there a line of defense against Distributed Reflectiveattacks?

On Fri, 17 Jan 2003, Stewart, William C (Bill), RTLSL wrote: > > > > -Original Message- > From: Stewart, William C (Bill), RTLSL > Sent: Friday, January 17, 2003 5:35 PM > To: '[EMAIL PROTECTED]' > Subject: Re: Is there a line of defense against Distributed Reflective > attacks? > > > Ma

FW: Re: Is there a line of defense against Distributed Reflective attacks?

-Original Message- From: Stewart, William C (Bill), RTLSL Sent: Friday, January 17, 2003 5:35 PM To: '[EMAIL PROTECTED]' Subject: Re: Is there a line of defense against Distributed Reflective attacks? Many of these attacks can be mitigated by ISPs that do anti-spoofing filtering on i

Re: OT: Network Operator Humor

Jeremy T. Bouse wrote: Just had a co-worker pass this one one to me and thought some might find the humor in it as well... http://www.dude.ru/music/gigflapping.html Hmmm. Awesome. I must add a cronjob that plays this MP3 during scheduled backbone maintenance window :-) -hc

Re: Is there a line of defense against Distributed Reflective attacks?

> > Getting everyone to take security more seriously will most likely never > > going to happen.. :( > > If this is the case then we are screwed... I hope its not the case, I hope > that the customer service folks at ISP/NSP's and NOC and Engineering folks > all keep this in their minds and push

Re: [Re: Less than 2% of computer attacks on military are successful]

Randy Bush <[EMAIL PROTECTED]> wrote: > > > After last weeks spam run on Iraq, the US military and NIPC are > > concerned Iraq might be behind a rise in electronic attacks > > against government and military networks. > > and we are supposed to have sympathy for those who struck the first > blow

OT: Network Operator Humor

Just had a co-worker pass this one one to me and thought some might find the humor in it as well... http://www.dude.ru/music/gigflapping.html

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, 17 Jan 2003, Haesu wrote: > > I guess the question of all this is may be... what could be done to > perhaps... to minimize the impact of DoS attacks pointed at a victim host? Everyone take security more seriously, have some inhouse security clue, deal with incidents in a timely manner w

Re: Is there a line of defense against Distributed Reflective attacks?

Having researched this in-depth after reading a rather cursory article on the topic (http://grc.com/dos/drdos.htm), only two main methods come to my mind to protect against it. There are a few more methods, some have already mentioned including something called pushback. Very few solutions, pa

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, 17 Jan 2003 18:38:08 + (GMT) "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote: > > has something called Source Path Isolation Engine (SPIE). There > This would be cool to see a design/whitepaper for.. Kelly? In addition to David's link: >

Re: Is there a line of defense against Distributed Reflective attacks?

I guess the question of all this is may be... what could be done to perhaps... to minimize the impact of DoS attacks pointed at a victim host? Getting everyone to take security more seriously will most likely never going to happen.. :( -hc On Fri, 17 Jan 2003, Clayton Fiske wrote: > > On Fri,

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, Jan 17, 2003 at 06:38:08PM +, Christopher L. Morrow wrote: > > On Fri, 17 Jan 2003, John Kristoff wrote: > > > impractical). If the sources can be tracked, perhaps they can be > > stopped (but large number of sources make this a scaling issue and > > sometimes not all responsible p

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, 17 Jan 2003, David G. Andersen wrote: > > On Fri, Jan 17, 2003 at 06:38:08PM +, Christopher L. Morrow mooed: > > > > > has something called Source Path Isolation Engine (SPIE). There > > > > This would be cool to see a design/whitepaper for.. Kelly? > > The long version of the SPIE

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, Jan 17, 2003 at 06:38:08PM +, Christopher L. Morrow mooed: > > > has something called Source Path Isolation Engine (SPIE). There > > This would be cool to see a design/whitepaper for.. Kelly? The long version of the SPIE paper is at: http://nms.lcs.mit.edu/~snoeren/papers/spie-t

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, 17 Jan 2003, John Kristoff wrote: > ---SNIP--- > > It doesn't have to be forged, that step just makes it harder to > trace back to the original source. There are some solutions that > try to deal with this, including an IETF working group called > itrace. UUNET also developed somethin

Re: As-Path filtering based on ranges, not regex

On Fri, Jan 17, 2003 at 12:10:59PM -0500, Andy Johnson wrote: > > Vincent, > > I'm fairly certain it can match a range, just as you yourself posted you > could do. There is no difference between using a range to find 0-9, than > there is finding 64512-65535. There is in regular expressions

Re: Is there a line of defense against Distributed Reflective attacks?

On Fri, 17 Jan 2003, Vadim Antonov wrote: > > > > Do we need te equivalent of a dog bite law for computers. If your > > computer attacks another computer, the owner is responsible. File a > > police report, and the ISP will give the results of the *57 trace to > > the local police. The polic

RE: Less than 2% of computer attacks on military are successful

Well they don't tell you which 2 percent either. For all we know "only 2 percent were successful" and yielded launch codes... or "only 2 percent were successful" and yielded next weeks lunch schedule. Big difference on which 2 percent:). On Fri, 17 Jan 2003, jnull wrote: > > > > But the arti

Re: As-Path filtering based on ranges, not regex

Vincent, I'm fairly certain it can match a range, just as you yourself posted you could do. There is no difference between using a range to find 0-9, than there is finding 64512-65535. So your line would look something like this: ip as-path access-list 150 permit _[64512-65535]$ -Andy

Re: Less than 2% of computer attacks on military are successful

From: "jnull" <[EMAIL PROTECTED]> > > But the article also says less than 2% of the "attacks" resulted > > in a successful intrusion. > > 2% would be an embarrassingly large success rate for intrusion on a > "secured" military network. Not to mention the definition of "attack" the article seems

Re: The Cidr Report

> > Previously, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > > AS690521 326 19537.4% MERIT-AS-27 Merit Network Inc >. > > Come on, Susan, have your folks get with the program. :-) > > -- > Douglas A. Dever [EMAIL PROTECTED] > 216.373.8517 - DID > 216.401.5888 - Cell

Re: Is there a line of defense against Distributed Reflective attacks?

Vadim Antonov wrote: Caution this won't program a router: >The police can then put down the rabid computer, > > permanently. > Good in theory... in practice police has more important things to do. Like > catching pot smokers. Not -=too=- much problem soon, thanks to the USA "Patriot" act. I

RE: Less than 2% of computer attacks on military are successful

> But the article also says less than 2% of the "attacks" resulted > in a successful intrusion. > http://www.nytimes.com/2003/01/17/technology/17HACK.html 2% would be an embarrassingly large success rate for intrusion on a "secured" military network. But, I'm sure they'll float any articles the

As-Path filtering based on ranges, not regex

Hi, I would like to filter bgp updates based on AS origin. I know that i can match origin with regex as : _1239$ In fact, i would like to match as-path that originate from ASes from 856 to 1239. pseudo regex would be something like : _[856..1239]$ Juniper has this feature. Cisco does not AFA

Re: Less than 2% of computer attacks on military are successful

> After last weeks spam run on Iraq, the US military and NIPC are > concerned Iraq might be behind a rise in electronic attacks > against government and military networks. and we are supposed to have sympathy for those who struck the first blow? rofl! randy

Re: FYI: Anyone seen this?

Passed along without comment "I poisoned P2P networks for the RIAA" - whistleblower By Andrew Orlowski in San Francisco Posted: 17/01/2003 at 13:00 GMT   "Gobbles", the German hacker who improbably claimed to have infected peer-to-peer file sharing networks and to "0wn" your computer this week,

Re: Scaled Back Cybersecurity

- Starting at the core, which is who the Feds buy the most IP from, still makes life a lot simpler if and when we get the "big one" in terms of cyber-attack. Is not the problem with this that few if any attacks originate in the core, and by the time the traffics start getting aggregated the

Re: Is there a line of defense against Distributed Reflective attacks?

> Do we need te equivalent of a dog bite law for computers. If your > computer attacks another computer, the owner is responsible. File a > police report, and the ISP will give the results of the *57 trace to > the local police. The police can then put down the rabid computer, > permanently.

The Cidr Report

This report has been generated at Fri Jan 17 21:50:49 2003 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table Hist

Less than 2% of computer attacks on military are successful

After last weeks spam run on Iraq, the US military and NIPC are concerned Iraq might be behind a rise in electronic attacks against government and military networks. The assessment said recent computer disruptions have included Web defacements, "denial of service" attacks that can disrupt or para

Re: Is there a line of defense against Distributed Reflective attacks?

On Thu, Jan 16, 2003 at 08:48:03PM -0500, Brad Laue wrote: > Having researched this in-depth after reading a rather cursory article > on the topic (http://grc.com/dos/drdos.htm), only two main methods come > to my mind to protect against it. There are a few more methods, some have already mention

Re: Is there a line of defense against Distributed Reflective attacks?

> > What kinds of mechanisms exist for keeping track of the origins of > > something of this nature? > > Normally that's not very productive as they are mostly owned boxes that > will be rebuilt and reowned in days :( We could automate the tracing process, like *57 customer initiated trace on the