Re: Fluffy Bunny No Longer Energized

[InfoSec News <isn () c4i org>]

Forwarded from: Bill Scherr IV <bschnzl () bigfoot com>

On 31 Jul 2002 at 2:08, InfoSec News wrote:

> Forwarded from: Darren Reed <darrenr () reed wattle id au>
>
> In some email I received from InfoSec News, sie wrote:
> > http://www.wired.com/news/technology/0,1282,54040,00.html
> [...]
> > Using their undetected toehold in Akamai's network, last year some of
> > the group's members contemplated a massive, distributed
> > denial-of-service (DDoS) attack on the Internet's 13 domain-name root
> > servers, according to a source close to Fluffy Bunny.
>
> [...]
>
> One thing you've got to realise is that in doing this it would also
> "kill the Internet" for this group of hackers.

Hitting the ROOT domain name servers would only kill name resolution.  
IP addresses and BGP would still work!  Packets would still get from
one place to another.  Attacks could still be launched based on
previously gathered lists.  Are we prepared to investigate without the
DNS system?
 
> Hacking into web sites maybe fun, as with causing specific web sites
> problems with their web servers but if your attack makes your play
> thing next to useless to yourself, well what's the point of that ?
> It's not like they can just throw it away and get a new one.
>
> Unfortunately I doubt this was a concern of those involved...
>
> Darren

 
Proper administration dictates that backups be made and stored in
accordance with well thought out and tested procedures.  No we can't
just replace it, but we can reboot it and we can determine what each
machine is doing!  The proper response here would be a)  trace the
attack (a HUGE job, requiring HUGE cooperation), and b) restore from
backup....

IF the fuzzy boys have a toehold in akamai, who else has a hold there?  
Has the vulnerability been addressed?  Whether or not the kids were
concerned about their "plaything" is irrelavent.  What is relavent is
are we prepared to saddle and ride this monster we have created!!!  
IMHO, it is well within our potential!!!
 
 
> -
> ISN is currently hosted by Attrition.org
>
> To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
> in the BODY of the mail.


Bill Scherr IV, GSEC, GCIA
EWA / Information & Infrastructure Technologies
Camp Johnson, Vermont 05446
(802) 338-3213



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.