To: Katherine Derbyshire who wrote (47941) 6/14/2001 4:49:14 PM
From: Math Junkie

OT

Your question assumes that it's possible to prevent a thirteen-year-old hacker from mounting a DDoS attack. Maybe you have the expertise to make that statement, but I sure don't. It also assumes that he considered his system to be a likely enough target of such an attack, and the consequences to be serious enough, to warrant trying to prevent it before the fact. Since he has now stated that he is just going to wait it out when attacks happen, the latter assumption, at least, is clearly not valid.

With regard to the assurances we have been given that XP has much better security than previous versions of Windows, I received the following PMs today from someone who is not all that reassured:

I'm sorry for the PM, but I do not feel comfortable posting to this thread... Anyway, the main fear I have with the widespread availability of systems with full RAW_SOCK support is not a few hackers playing around behind a spoof. Unix-based systems are relatively rare (compared to all systems attached to the net) and are usually owned by organizations that add layers of protection. I'm worried about a GOOD hacker, using spoofs to avoid being tracked, hacking INTO these widespread systems and turning them into Denial of Service engines.

Suppose for a minute that a hacker finds a method and enters a Windows system that has RAW_SOCK support, using his own RAW_SOCK support and spoofs to hide his identity. Once inside, he/she plants a program that, using the RAW_SOCK support, causes the target system to:

1) Propagate the program to other systems with the same operating system (many programs exist to probe IP addresses etc. to find targets), and

2) At some trigger (time, date, phase of the moon), start a Denial of Service attack on some target.

With all of the attacking systems spoofing their IP, it would be difficult to stop.
Another twist might be to have the attacks be of relatively short duration, but frequent. Tracking would be very difficult, since most "Windows" users are not sophisticated enough to even know their system is active. It's not the hacker having a "stealth" system that I'm afraid of... It's him/her infecting unknowing systems that are capable of stealth that is scary.

__________________

I then asked this person for his reaction to the assertion that XP has much improved security features. He replied:

__________________

Sure, old holes will be blocked and every attempt will be made to keep people out. But no commercial offering that I know of is tight enough to keep everyone out. (I worked in a secure environment for a short period in my life. "Secure" systems are extreme: no buffering of I/O devices, explicit zeroing of variables when finished using them and before freeing memory, that type of thing. No information that is not currently in use in memory...) The fear is that millions of these systems will be tied directly to the net via cable modems, DSL, etc., and the users are not sophisticated enough to protect themselves beyond the protection provided by the OS. When (not if, when) an entry point is found and an attack is planned, there will be a very large target population in which to spread the attack code. When all of these systems can spoof, it will make detection a nightmare.

What if the attack is more subtle? Don't take down a site or a group of sites. Just have half a million systems every second or so make queries with spoofed IPs and have the packets bounce around until they expire, tying up bandwidth on the entire net without attacking anyone in particular. This would be more like an attack on the backbone providers. Everyone slows down, but the source would be hard to determine because of the spoofing and the intermittency from each individual system.
_______________________

The statement above that really gets my attention is this one: "When all of these systems can spoof, it will make detection a nightmare."
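Added example, not part of the post or of the PMs quoted in it: the one control an access network can apply no matter what the end hosts run is to drop outbound packets whose source address is not inside the prefix assigned to that link (the source-address validation described in BCP 38). The prefix 203.0.113.0/24 and the packet records below are constructed for this example; the functions and names are this example's own, not anything from the thread.

```python
import ipaddress
from collections import Counter

# Address space the access link is allowed to originate from. Assumed value for
# this example; a real edge router takes it from its interface configuration.
LOCAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of outbound (src, dst) packets as a host behind a cable or
# DSL link might emit them. The 198.51.100.x, 192.0.2.x and 10.x sources are
# spoofed: none of them belongs to the link's prefix.
SAMPLE_PACKETS = [
    ("203.0.113.17", "192.0.2.80"),
    ("198.51.100.4", "192.0.2.80"),
    ("203.0.113.17", "192.0.2.81"),
    ("192.0.2.200", "192.0.2.80"),
    ("10.0.0.9", "192.0.2.80"),
]


def is_spoofed(src, prefixes=LOCAL_PREFIXES):
    """True if src is not inside any prefix this link may originate from.

    Malformed addresses are treated as spoofed, so a filter never forwards a
    packet it could not classify. Works for IPv4 and IPv6 alike.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(addr in p for p in prefixes)


def filter_egress(packets, prefixes=LOCAL_PREFIXES):
    """Split packets into (forwarded, dropped) as an egress filter would.

    The check is per packet, not rate based, so the short, frequent bursts
    described in the post are caught exactly as a sustained flood would be.
    """
    forwarded, dropped = [], []
    for src, dst in packets:
        (dropped if is_spoofed(src, prefixes) else forwarded).append((src, dst))
    return forwarded, dropped


def spoof_report(packets, prefixes=LOCAL_PREFIXES):
    """Count dropped packets per claimed source address for an operator's log."""
    _, dropped = filter_egress(packets, prefixes)
    return Counter(src for src, _ in dropped)


if __name__ == "__main__":
    fwd, drp = filter_egress(SAMPLE_PACKETS)
    print(f"forwarded {len(fwd)}, dropped {len(drp)}")
    for claimed_src, n in spoof_report(SAMPLE_PACKETS).items():
        print(f"dropped {n} packet(s) claiming source {claimed_src}")
```

Two caveats apply to this check. It only removes the spoofing the post worries about when the provider of the infected host applies it; the victim cannot. And it narrows a spoofed packet to the prefix it really came from rather than to a host: a bot that forges addresses within its own /24 passes this filter, so identifying the infected machine still needs per-host records on the access network.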