On Wed, 15 May 2002, Dan Hollis wrote:
On Wed, 15 May 2002, Rob Thomas wrote:
] I don't think spoofing will be a problem for the landmines. Most attacks
] (99%?) are tcp.

Hmm... Not based on my research. The most common attack capabilities in the bots are ICMP and UDP flooders. After that, IGMP. Last, TCP. Most of the DoS tools contain the same attack types as the bots. On the receiving end, upwards of 80% of all the woe I track is not TCP.

You miss the point of this:
We are not landmining for DOSing.
We are landmining to make it very dangerous for attackers to scan networks and probe hosts.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

Are you now operating under the premise that scans != anything but the prelude to an attack? Sorry if I missed it earlier in the thread, but I would hate to think any legitimate scanning of a network or host would result in a false positive. Even more, I would hate to see the advocation of a hostile reaction to what, so far, is not considered a crime.

PJ
--
He thought of Musashi, the Sword Saint, standing in his garden more than three hundred years ago. "What is the 'Body of a rock'?" he was asked. In answer, Musashi summoned a pupil of his and bid him kill himself by slashing his abdomen with a knife. Just as the pupil was about to comply, the Master stayed his hand, saying, "That is the 'Body of a rock'." -- Eric Van Lustbader