Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy? -- Ignore unavailable to you. Want to Upgrade?

To: ToySoldier who wrote (30250)	2/11/2000 7:48:00 AM
From: Steve Bannister	Respond to of 42771

Absolutely true. Sounded like a feature to me too at the time, but.... >>>>>>ToySoldier wrote<<<<<<< Actually, regarding BorderManager and Denial of Service attacks.... When I went the the vendor pre-release bootcamp of BorderManager, we were told that the beta of BM had a bug in it that Novell discovered when testing on their own WWW.NOVELL.COM production site. Aparently the BM server was hit by a denial of service attack by some hacker (dont remember the location of the related ISP). The problem was that the BM bug made an attempt to respond to the attack and did not just respond with one packet - it absolutely flooded response packets back to the source with as much bandwidth as could fit through the pipe. Now considering that Novell's web site is serviced by at least 1 T3 link (I believe its 2 or 3), it didnt take long for the ISP of the hacker to call Novell and asked why Novell's site was absolutely blowing the ISP out of the water by its own form of "denial of service" response (although completely by accident). Unfortunately since Novell is a member of the Internet Security association (dont recall the exact name), they were forced to report and repair the bug within a very short timeframe (I believe 2 days). But the Novell trainer asked the audience "who here feels that we should leave the bug in the code?" - everyone put up their hands. Dont know how true the story was but it was a good one and quite related to this recent set of events. :))

To: ToySoldier who wrote (30250)	2/11/2000 11:04:00 AM
From: Scott C. Lemon	Read Replies (1) \| Respond to of 42771

Hello Toy, > But the Novell trainer asked the audience "who here feels that we > should leave the bug in the code?" - everyone put up their hands. It's interesting, but I've been talking with a couple of attorney's who specialize in "Internet related law" and this subject came up ... The problem is that it is now a violation of federal law to use this type of technique - either in offensive or defensive positions ... You can now go to jail for creating any type of denial of service attack ... Scott C. Lemon

To: ToySoldier who wrote (30250)	2/11/2000 11:10:00 AM
From: Richard J. Haynal	Read Replies (2) \| Respond to of 42771

Toy, This is *not a good idea. Most hackers (badguys) do not launch an attack from their own network or if they do they use crafted packets. Think about it. If I find a single host on a network that I want to attack that I can compromise, then all I have to do is launch an attack on Novell (can subsitute any other BM site), who would immediatley blow that network out of the water. Or better yet, craft a Denial of Service packet with the domain of the network you want to bring down and send it to Novell. Again this would have the same effect, Novell would bring that network down. That means Novell would be doing the hackers job for them and taking the heat for it. This would have made a great tool/service for all the would-be hackers out there. Not a good idea.