Technology Stocks : Novell (NOVL) dirt cheap, good buy?

To: Scott C. Lemon who wrote (30274)2/12/2000 12:02:00 AM
From: Richard J. Haynal  Read Replies (1) of 42771
 
Hi Scott,

> Actually, this is not quite accurate. The attacks this
> week *did* come from numerous machines, and from their
> valid addresses, from all over the net.

I'm not so sure about this part. The Intruder (bad guy) controls the master(s), which in turn control the daemons. It's the daemons which attack the victim. For this to work the Intruder would have to have the valid address of the masters, and the masters would need the valid addresses of the daemons. But the daemons do not need to use a valid address to attack the victim. Since it is not hard to craft spoofed packets, my guess would be that most of the daemons would use them, and possibly a range of them at that.

The reasoning behind the guess is: 1) If the daemons use their real address it should not be too hard to go through logs to trace the chain of events back at least to the masters. 2) If the daemons were using their real address then the firewalls at these sites (yahoo, cnn, ebay) would have blocked the site after the initial threshold of packets were received (protection against a typical Denial of Service attack is X amount of requests from the same box in timeframe X == drop anything from that box at the firewall). 3) It's been what, 4 days since these major attacks and the news only shows one box found that was used in the attack. If all those boxes were using their own IP address, it seems that we would know where a lot of the daemons were. I think that maybe this machine was found by the security people at their site. 4) SANS is reporting that the way to stop this attack through the Internet is to use egress filtering. From SANS:
"At this point, the GIAC is recommending system and
security administrators pay particular attention to
egress monitoring. The best way to make sure that
no one can use your internal network to generate
outbound DoS traffic is to ensure that only your
legal address space is allowed out to the Internet."

This implies spoofing. Here is a good link on egress filtering: sans.org

Again, this is just how I think it worked. I'm sure we'll all find out more about this as time goes on.
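The egress rule quoted from SANS, and the per-source threshold the post says a victim's firewall applies, written out as an added example (not code from the post or from SANS). The prefixes and sample packets are constructed from documentation address ranges; a real deployment would use the site's own allocated blocks.

```python
import ipaddress
from collections import Counter

# Constructed example: the address space this site has actually been
# allocated (documentation ranges, not a real network).
LEGAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("203.0.113.0/25")]

def egress_permitted(src_ip, prefixes=LEGAL_PREFIXES):
    """True if an outbound packet with this source address may leave the site.

    The SANS recommendation in code: only packets whose source falls inside
    the site's own prefixes are forwarded; anything else is spoofed (or
    misconfigured) and is dropped at the border before it reaches a victim.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in prefixes)

def filter_egress(packets, prefixes=LEGAL_PREFIXES):
    """Split a list of (src, dst) outbound packets into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for src, dst in packets:
        (forwarded if egress_permitted(src, prefixes) else dropped).append((src, dst))
    return forwarded, dropped

def sources_over_threshold(packets, limit):
    """Per-source packet counts above `limit`: the check the post describes at
    the victim's firewall. Forged, varying sources never cross the threshold,
    which is why filtering at the sending site matters more than counting
    at the victim."""
    counts = Counter(src for src, _ in packets)
    return {src: n for src, n in counts.items() if n > limit}

# Constructed sample traffic leaving a site: three packets from a legitimate
# internal host and three with forged sources outside the site's space.
SAMPLE_OUTBOUND = [
    ("198.51.100.7", "192.0.2.10"),
    ("198.51.100.7", "192.0.2.10"),
    ("198.51.100.7", "192.0.2.10"),
    ("10.0.0.1", "192.0.2.10"),       # forged private-range source
    ("192.0.2.99", "192.0.2.10"),     # forged source that is not ours
    ("203.0.113.200", "192.0.2.10"),  # just outside our /25
]

if __name__ == "__main__":
    ok, bad = filter_egress(SAMPLE_OUTBOUND)
    print(f"forwarded={len(ok)} dropped={len(bad)}")
    print("sources over threshold at victim:", sources_over_threshold(SAMPLE_OUTBOUND, 2))
```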