RE: ABOVE.NET SECURITY TRUTHS?
A thought just came to me.
My experience with above.net, and exodus.net, leaves me to KNOW that a certain exodus engineer's wife works as an engineer at above.net. Reading the quote at
http://www.cnn.com/2000/TECH/computing/04/28/fbi.abovenet.idg/index.html
Quoted:
"Vixie says the company has speculated widely as to the motive for the attack and concluded that it could have emerged from one of two "completely useless categories." One category includes competitors that the company took a customer away from, disgruntled former employees or customers who had been disconnected because they were spamming. The other category, said Vixie, includes "someone who has something to prove and wants to bring our network down and wants to brag about it." "
Ebay WAS at exodus, then half of it went to above.
Maybe this is just the "conspirator" in me, but, what if that husband/wife team was 'contracted' for revenge, for the ebay move, and participated in paid corporate espionage?
:)
Even in jest, this is more than a little mean-spirited and absurd. Disparaging someone's reputation without evidence is untoward. This could get someone fired for no reason. Please, let's have no more of this.
On Fri, Apr 28, 2000 at 02:32:39PM -0700, Exiled Dave wrote:
A thought just came to me.
My experience with above.net, and exodus.net, leaves me to KNOW that a certain exodus engineer's wife works as an engineer at above.net. Reading the quote at
Ebay WAS at exodus, then half of it went to above.
Maybe this is just the "conspirator" in me, but, what if that husband/wife team was 'contracted' for revenge, for the ebay move, and participated in paid corporate espionage?
I don't believe that you would even consider slinging such crap at the good reputations of those that you speak about. Have you no morals?
At 11:50 AM 4/29/00 -0400, Christopher B. Zydel wrote:
I don't believe that you would even consider slinging such crap at
At base, the purpose of slinging such crap is to get people excited. It worked. Look at the wastage of mailing list bandwidth that ensued.
There is only one way to respond to such slinging, and that is by not responding at all. Just ignore it.
d/
=-=-=-=-=
Dave Crocker <dcrocker@brandenburg.com>
Brandenburg Consulting <www.brandenburg.com>
Tel: +1.408.246.8253, Fax: +1.408.273.6464
675 Spruce Drive, Sunnyvale, CA 94086 USA
I think it was more basic than this. I watch patterns of events over months and sometimes years; there have been some occurrences of transitory attack and/or spams through above.net, and I believe that this spawned from those connections being denied transit across above.net.
I do find it possible for the other events to have probable cause; however, being denied transit seems the more realistic of causes to piss someone off enough to attack. The second choice would be some aspiring 12 year old who is feeling his oats and simply experimenting with packet toys...
My fundamental question here is where is the directory where all these new DDoS toyz and other forms of destruction located at? How are they getting to these programs? A solution is system wide scans for code segments in programs that spawn attacks and remove them and the users who have them without a valid reason.
Search records for ssh, stelnet, telnet connections to boxes other than the primary account.
Tighten up on hosted domains TOS and force Domain registrars to cancel domains involved in criminal activity.
This is the only way to make people realize that harming the fabric of the network is unacceptable, irregardless of the intent or cause.
Exiled Dave wrote:
A thought just came to me.
My experience with above.net, and exodus.net, leaves me to KNOW that a certain exodus engineer's wife works as an engineer at above.net. Reading the quote at
http://www.cnn.com/2000/TECH/computing/04/28/fbi.abovenet.idg/index.html
Quoted:
"Vixie says the company has speculated widely as to the motive for the attack and concluded that it could have emerged from one of two "completely useless categories." One category includes competitors that the company took a customer away from, disgruntled former employees or customers who had been disconnected because they were spamming. The other category, said Vixie, includes "someone who has something to prove and wants to bring our network down and wants to brag about it." "
Ebay WAS at exodus, then half of it went to above.
Maybe this is just the "conspirator" in me, but, what if that husband/wife team was 'contracted' for revenge, for the ebay move, and participated in paid corporate espionage?
:)
--
Thank you;
Thinking is a learned process so is UNIX
Henry R. Linneweh
"Henry R. Linneweh" wrote:
My fundamental question here is where is the directory where all these new DDoS toyz and other forms of destruction located at?
Potentially millions of hosts.
How are they getting to these programs? A solution is system wide scans for code segments in programs that spawn attacks and remove them and the users who have them without a valid reason.
Search records for ssh, stelnet, telnet connections to boxes other than the primary account.
Since the tools can exist on any individual host on the network, every single owner/user/admin of an IP address would need to scan their machine. While I agree it's a host problem, it's extremely difficult to fix with host solutions alone. Even if you did, you still won't be able to stop the creation and dissemination of tools amongst the bad guys.
Tighten up on hosted domains TOS and force Domain registrars to cancel domains involved in criminal activity.
I agree, some form of shunning could help cause people to batten down the hatches. This assumes you know where the problem is originating from.
John
This is a red-herring, see www.gnutella.org
There is no way anyone is going to even put a dent in distribution. Reference recent failed attempts vs MP3 distro, and reference the MPAA. One might also see Napster issues.
I apologize, the proper URL is http://gnutella.wego.com/go/wego.group.group?groupId=116705
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Roeland Meyer (E-mail) Sent: Monday, May 01, 2000 9:00 AM To: jtk@aharp.is-net.depaul.edu; nanog@merit.edu Subject: RE: ABOVE.NET SECURITY TRUTHS?
This is a red-herring, see www.gnutella.org
There is no way anyone is going to even put a dent in distribution. Reference recent failed attempts vs MP3 distro, and reference the MPAA. One might also see Napster issues.
On Mon, 1 May 2000, John Kristoff wrote:
"Henry R. Linneweh" wrote:
My fundamental question here is where is the directory where all these new DDoS toyz and other forms of destruction located at?
Potentially millions of hosts.
How are they getting to these programs? A solution is system wide scans for code segments in programs that spawn attacks and remove them and the users who have them without a valid reason.
Search records for ssh, stelnet, telnet connections to boxes other than the primary account.
The idea of scanning every single node on your network is also, well -- absurd. Perhaps someday in the far future when we all have rocket-cars or more unbelievably, we have ipv6 - then we'll be able to do it.
It's not like most corps don't try, but let's look at our options here, Tivoli(ick), CA/Unicenter(more ick), even my beloved NetCool/OMNIbus isn't set up to handle such a task(wait, give me a few days), we're talking about programs that can transmit with different protocols, be compiled differently to hide their identity, among other things.
Not only the program itself must be considered, but remember these are most likely compromised hosts you're talking about, a simple change of the ps with the cracker's own and poof, that pesky client isn't going to appear anymore, this change being the lamest and weakest of their options - though the most common.
I keep hearing the argument on here about it being a 'host' problem, let's put this in perspective, it's an 'admin' problem, the boxes compromised in most cases are systems that aren't updated and patched as needed, or monitored by admins who either can't perform the most simple maintenance, or just don't care. This isn't 'news' to anyone here.
However it seems like the only answer is... blackhole any network that attacks you! make the networks pay for not admin'ing themselves properly, blackhole every university too, for good measure. wait.. wait.. that won't work.. Perhaps I should re-think this...
Rodney Caston
SBC Internet Services
participants (8)
- Christopher B. Zydel
- Dave Crocker
- Exiled Dave
- Henry R. Linneweh
- John Kristoff
- Rodney L Caston
- Roeland M.J. Meyer
- Roeland Meyer (E-mail)