[18011] in North American Network Operators' Group
Re: Government scrutiny is headed our way
daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Sun Jun 21 17:09:14 1998
From: Brett Frankenberger <brettf@netcom.com>
To: nanog@merit.edu
Date: Sun, 21 Jun 1998 15:59:43 -0500 (CDT)
In-Reply-To: <Pine.SOL.3.96.980621081029.10900D-100000@vellocet.insync.net> from "Joe Shaw" at Jun 21, 98 08:33:39 am
:: Joe Shaw writes ::
>
> > Next there is a rumor that 8000 users have been infected with a tweaked
> > system.exe file that makes that user a smurf amplifier unwittingly. These
> > are things to watch for. I wish there was an easier way to break bad news.
>
> I fell out of my chair at that statement. One user/host cannot be a smurf
> amplifier; one network from a /30 and down can with different results.
If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I
recieve, how is my PC signifigantly different than a /24 behind a
router that doens't have "no ip directed-boradcast" (or it's
equivalent) configured, with 100 devices on it that all respond to ICMP
ECHOs addressed to the boracast address?
I'm not saying that I believe this rumor (or even that I've heard it
before now), nor am I saying that the rumor has as much thought behind
it as my previous paragraph does, nor am I saying that if you were
going to implement such a thing on a Windows machine that you would
implement it in system.exe. (I'm not even saying that system.exe
exists.)
But I am saying that such a thing is technically feasible. And I am
saying that there are people out there who are not above writing a
virus that facilitiate the use of other people's machines in DOS
attacks.
- Brett (brettf@netcom.com)
------------------------------------------------------------------------------
... Coming soon to a | Brett Frankenberger
.sig near you ... a Humorous Quote ... | brettf@netcom.com