On Sat, 23 Jun 2001, Vivien M. wrote:
We ended up concluding that Mr. Gibson's main goal is the distribution of large quantities of FUD. It seems, I might add, that Mr. Gibson is
That might be so. I got this link approx. 8 hours before I saw it on NANOG-l, when I was investigating just the kind of thing he's talking about. I got in through the IRC-admin perspective though: saw a couple of clients that seemed to have things in common, sniffed some traffic, and found a channel on IRCnet that was dedicated to whatever purpose these 100 or so clients/machines were up to. Talked to the "grand master", who approached me when I and a fellow IRC admin started throwing off his "bots" (he actually called them bots and then changed his mind that they were clients).

This is a real problem. It's not FUD. Microsoft's choice to include full IP stack capabilities will make the problem worse, but I do not blame their IP stack for this like Mr Gibson does though.

So what do we do about it? There are tens of thousands of "0wned" machines out there. 10.000 machines sending one SYN per second to somewhere constitutes a 6mbit SYN flood that'll make almost any web server get into trouble. 10 SYNs per second and we're really talking traffic here. From spoofed sources because ISPs do not source address filter? Gah. Basically untraceable.

I know a few people have been put in jail for these kinds of activities. I'd say it's not enough though. We might blame parents, society, whatever, but the question remains: What do we do about it?

I saw figures that there are over 9 million homes in the US with "broadband internet access". This is going to increase 10-fold in the next few years; worldwide we might have a couple of hundred million computers "always-on" in a few years, 95% (or more) of them running a Microsoft OS, run by people who have no idea how to secure it etc.

What should we do?

--
Mikael Abrahamsson    email: swmike@swm.pp.se