[18011] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Government scrutiny is headed our way

daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Sun Jun 21 17:09:14 1998

From: Brett Frankenberger <brettf@netcom.com>
To: nanog@merit.edu
Date: Sun, 21 Jun 1998 15:59:43 -0500 (CDT)
In-Reply-To: <Pine.SOL.3.96.980621081029.10900D-100000@vellocet.insync.net> from "Joe  Shaw" at Jun 21, 98 08:33:39 am

:: Joe  Shaw writes ::
> 
> > Next there is a rumor that 8000 users have been infected with a tweaked
> > system.exe file that makes that user a smurf amplifier unwittingly. These
> > are things to watch for. I wish there was an easier way to break bad news.
> 
> I fell out of my chair at that statement.  One user/host cannot be a smurf
> amplifier; one network from a /30 and down can with different results.

If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I
recieve, how is my PC signifigantly different than a /24 behind a
router that doens't have "no ip directed-boradcast" (or it's
equivalent) configured, with 100 devices on it that all respond to ICMP
ECHOs addressed to the boracast address?

I'm not saying that I believe this rumor (or even that I've heard it
before now), nor am I saying that the rumor has as much thought behind
it as my previous paragraph does, nor am I saying that if you were
going to implement such a thing on a Windows machine that you would
implement it in system.exe.  (I'm not even saying that system.exe
exists.)

But I am saying that such a thing is technically feasible.  And I am
saying that there are people out there who are not above writing a
virus that facilitiate the use of other people's machines in DOS
attacks.



          - Brett  (brettf@netcom.com)
 
------------------------------------------------------------------------------
                               ... Coming soon to a      | Brett Frankenberger
.sig near you ... a Humorous Quote ...                   | brettf@netcom.com
 

home help back first fref pref prev next nref lref last post