:: Joe Shaw writes ::
Next there is a rumor that 8000 users have been infected with a tweaked system.exe file that makes that user a smurf amplifier unwittingly. These are things to watch for. I wish there was an easier way to break bad news.
I fell out of my chair at that statement. One user/host cannot be a smurf amplifier; one network from a /30 and down can with different results.
If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I recieve, how is my PC signifigantly different than a /24 behind a router that doens't have "no ip directed-boradcast" (or it's equivalent) configured, with 100 devices on it that all respond to ICMP ECHOs addressed to the boracast address? I'm not saying that I believe this rumor (or even that I've heard it before now), nor am I saying that the rumor has as much thought behind it as my previous paragraph does, nor am I saying that if you were going to implement such a thing on a Windows machine that you would implement it in system.exe. (I'm not even saying that system.exe exists.) But I am saying that such a thing is technically feasible. And I am saying that there are people out there who are not above writing a virus that facilitiate the use of other people's machines in DOS attacks. - Brett (brettf@netcom.com) ------------------------------------------------------------------------------ ... Coming soon to a | Brett Frankenberger .sig near you ... a Humorous Quote ... | brettf@netcom.com