Technology Stocks : Novell (NOVL) dirt cheap, good buy?


To: Richard J. Haynal who wrote (30275) 2/12/2000 10:50:00 AM
From: Scott C. Lemon
 
Hello Richard,

You are correct ... I should have said:

"Actually, this is not quite accurate. The attacks this week *did*
come from numerous machines, and from their valid and/or spoofed
addresses, from all over the net."

My main point was that the attacks actually came from numerous machines ... a distributed attack ... rather than from a single machine. In your original post it appeared that this was unclear. Your point is well taken that the "daemons" (or "zombies" as they are being called) could be spewing packets with any range of addresses ... and yes, it makes complete sense that egress filtering is the only real way to assist in tracking this type of issue. It's been a long time coming ...

What's interesting is that even the "command and control" *could* be done with spoofed addresses also ... if they based their control protocol on something like UDP they could have designed the system so that it doesn't care about the source of a command ... this also allows various levels of indirection ...

Scott C. Lemon