On Mon, 14 Feb 2000, Henry R. Linneweh wrote:
It's nice to know the government just fractured the network and raped everyone's security all to hell...
How so? There have been several CERT advisories, as well as a workshop on these types of DDoS attacks over the last few months, and well in advance of the four day notice given to banks. These new DDoS attacks were discovered last August and covered in depth since then, not to mention that smurf is now years old. However, there's not much an entity can do to effectively and proactively defend themselves against these attacks, but we've covered that.
http://www.techserver.com/noframes/story/0,2294,500168253-500214982-50100857...
Banks warned of impending Web attacks days before they occurred
The fact that banks only got information about these attacks some 4 days before these high-profile attacks is disturbing because it shows clearly that the current state of security information distribution, even with cutting edge info from Bugtraq, and the snail-paced releases from CERT, isn't enough to spread relevant information if people keep their heads buried in the sand. What's even more alarming is that this information was made public by both channels as of December and from the recent posts I'd gather that a lot of the people on this list didn't know either until after the lengthy discussion here on NANOG, which was during/after the attacks. What does that say? I'm sure we all work hard, but ignorance is no excuse.

And, while it is a bit alarming that these financial institutions are not sharing their information, I firmly believe they're getting their information from the same channels everyone else does. I'm pretty sure bugtraq gets the 0-day long before they do, and if not, I'd certainly like to know who's doing their research for them.

However, what really worries me is that executives have been invited to a discussion that I would hope requires more technical understanding and common sense than business savvy. But, from what I've read this meeting is more about company secrets and politics. At least mudge and a few academics will be there...

--
Joseph W. Shaw - jshaw@insync.net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."
--
Thank you;
|--------------------------------------------|
| Thinking is a learned process so is UNIX   |
|--------------------------------------------|
Henry R. Linneweh