Technology Stocks : Novell (NOVL) dirt cheap, good buy?


To: Paul Fiondella who wrote (30262) 2/11/2000 12:30:00 PM
From: Scott C. Lemon
 
Hello Paul,

> It sounds like the attackers in this denial of service approach had
> to have some way of compromising the servers they used to host the
> attack. Did they simply crack a user ID or did they invade the
> packets that circulate on the net directly?

So the hack that they used is not as important as the concept.

They located servers around the world that they were able to compromise. They either hacked in directly, or they suckered the user into running some application which was a "trojan horse". Through either process they installed a "Zombie" application which ran in the background on the compromised machines, waiting for some instructions on what to do.

The "Zombie" followed these programmed instructions to start sending packets at the "victim" networks ... and with enough of these "Zombies" sending at the same time, they overwhelmed the routers ...

Anyone could fall victim to hosting such a "Zombie" on their workstation by running .EXE applications that are mailed around the net, or by "bad" ActiveX components, or by a variety of other hacks.

(P.S. Years ago I was learning to play with IPX and DOS programming ... I created such a program and architecture which I called my "Tourist" architecture. It included a "port of entry" application which ran as a TSR in DOS and provided the same types of extensible capabilities. A couple of years ago I wrote (with a friend) an updated version that I called the ActiveTourist which used ActiveX as the method to set up a "port of entry" application on Microsoft platforms. I was going to present it at Brainshare, but Novell wasn't interested ... ;-)

Scott C. Lemon



To: Paul Fiondella who wrote (30262) 2/11/2000 3:59:00 PM
From: Richard J. Haynal
 
Paul

There are basically three ways you can do this. A session can be hijacked, a host or server can be compromised, or one can merely craft a packet with the source address of the network to be attacked.

The thing about a Denial of Service attack is that it can go after a legitimate service offered at the site and just overwhelm it. (i.e. There are applications out on all of the hacker sites which will fire off a continuous stream of packets. This may be in the form of requesting a web page (www.novell.com). This is a legitimate request and one does not have to authenticate to anyone to get it. These requests can be sent pretty fast.) The whole idea is to overburden the site's server/firewall, effectively killing their pipe, server, and firewall. The way to defend against this is to just tell the firewall if you see "X requests within X timeframe" from any one box, block that box.

The big attacks this last week have been a new type called "Distributed Denial of Services" attack. All it means is that the source address now is being changed. So this attack looks like it is coming from many boxes instead of one. The old defense for "Denial of Services" attacks will not catch this.
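
Added example, not part of either post: a sketch of the "X requests within X timeframe from any one box" rule described above, run over constructed traffic to show why it blocks a single-source flood but sees nothing when the same volume arrives from many source addresses. The thresholds, the aggregate counter and the addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict, deque

def per_source_blocks(events, limit, window_ms):
    """The per-box rule: block any source with more than `limit`
    requests inside a sliding window. events = [(ts_ms, source_ip)]."""
    recent = defaultdict(deque)
    blocked = set()
    for ts, src in events:
        if src in blocked:
            continue                      # already dropped at the firewall
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window_ms:     # expire requests outside the window
            q.popleft()
        if len(q) > limit:
            blocked.add(src)
    return blocked

def aggregate_alerts(events, limit, window_ms):
    """Assumed complementary check: alert when the total request rate
    across all sources exceeds `limit` per window."""
    q = deque()
    alerts = []
    for ts, _src in events:
        q.append(ts)
        while q[0] <= ts - window_ms:
            q.popleft()
        if len(q) > limit:
            alerts.append(ts)
    return alerts

# Constructed traffic: 1000 requests, one every 10 ms (100 requests/second).
def single_source_flood():
    return [(i * 10, "192.0.2.10") for i in range(1000)]

def distributed_flood():
    # Same volume, but spread over 200 apparent source addresses.
    return [(i * 10, f"198.51.100.{i % 200 + 1}") for i in range(1000)]

if __name__ == "__main__":
    rule = dict(limit=20, window_ms=1000)
    print("single source blocked:", per_source_blocks(single_source_flood(), **rule))
    print("distributed blocked:  ", per_source_blocks(distributed_flood(), **rule))
    hits = aggregate_alerts(distributed_flood(), limit=50, window_ms=1000)
    print("aggregate alerts:", len(hits), "first at", hits[0], "ms")
```

An aggregate alert only says the site is overloaded; it does not identify which requests to drop, which is the hard part of the distributed case.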