On Sun, Apr 12, 1998 at 12:35:44PM -0700, Craig A. Huegen wrote:
On Sun, 12 Apr 1998, Alex P. Rudnev wrote:
==>Remember, this intruders use small ISP as their service providers, not ==>huge MCI or SPRINT.
Actually, the majority of these people use compromised root accounts in educational institutions, educational residence halls w/ Ethernet, enterprises w/o decent firewalls, and co-location machines.
There are lists which exist of over 200-300 compromised root accounts and access capabilities from which someone can launch an attack.
Yep. But the point still remains that if you can't get the traffic out of the source network a smurf attempt doesn't work. Those "educational" sites which allow residence hall connections to launch this kind of thing deserve to be permanently black-holed from the Internet until they fix things. And yes, I know this means they'll have to spend money. Tough cookies. This is NOT an unsolvable problem (I can solve it with a $1,000 PC running IPFW between the residence hall Ethernet and the rest of the campus, or a few statements in a CISCO config) so people saying its an intractable problem are lying. Period. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost