nanog mailing list archives
RE: Yahoo! Lessons Learned
From: "K. Graham" <kgraham () ican net>
Date: Tue, 08 Feb 2000 09:47:58 -0700
On 8 Feb 2000, Sean Donelan wrote:
Date: 8 Feb 2000 03:25:36 -0800
From: Sean Donelan <sean () donelan com>
To: nanog () merit edu
Subject: Yahoo! Lessons Learned

As much as I enjoy finding out about Yahoo & GlobalCenter issues by reading the newswires, I wonder if there are any lessons we can learn from these events.

Or was this not big enough to get the attention of upper management?
Possibly.
Was there something Yahoo!, GlobalCenter or other providers could have done, either individually or in cooperation, to prevent the problem?
Yes. One of the emails sent in mentioned that a network they work with or for was being utilized as an amplifier. Each network that has gateway routers should ensure that they disallow IP broadcasts.

It was mentioned that this was a co-ordinated attack. That meant a bit of planning and access to various machines. As to the number of attackers, only Yahoo's internal people may know. Even then it may have only been one individual with a script that accessed many locations at one time and initiated the commands. There is the ability to do such an attack.

The reality of "stay connected 24/7" at the household level with high-speed internet makes the possibility of this attack more of a multi-level victim attack. Home users do not know that they are leaving the door open to exploitation with simple Windows shares. Savvy people gain access to the cable and DSL modem users' PCs and then launch their attacks. Small utilities are put in place to make it easier to find the exploited machines. Thus creating a network of available attack, harder to track connections.

Education is a tool that can be used to inform customers. If each node on the Internet takes care of its own doors then there will be fewer available launching pads. Thus making it a bit simpler to track an attack. Who or what will do the education is a question. Who are the responsible parties if no education is taken or given? To me, the responsibility question is a nightmare at best.

I just hope Yahoo's unfortunate incident opens some eyes, some lines of communication and education.

K. Graham
Network Analyst, CCNA
kim () penguin-power com
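Added example, not part of K. Graham's message: one way an operator could check whether their own network is being used as a broadcast amplifier is to look for flows addressed to the broadcast address of a local subnet from a source outside that subnet. The subnets, the flow records and their "src dst proto" format, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed inventory of subnets behind our gateway routers (documentation ranges).
LOCAL_SUBNETS = [ipaddress.ip_network(n) for n in
                 ("192.0.2.0/25", "192.0.2.128/26", "198.51.100.0/24")]

# Constructed flow records in an assumed "src dst proto" format.
SAMPLE_FLOWS = """\
203.0.113.7 192.0.2.127 icmp
203.0.113.7 192.0.2.191 icmp
203.0.113.9 192.0.2.10 icmp
203.0.113.7 198.51.100.255 udp
203.0.113.7 198.51.100.0 icmp
192.0.2.5 192.0.2.127 icmp
not-an-ip 192.0.2.127 icmp
""".splitlines()


def broadcast_subnet(dst):
    """Return the local subnet whose broadcast (or all-zeros) address is dst, else None."""
    for net in LOCAL_SUBNETS:
        if net.prefixlen >= 31:      # /31 and /32 have no broadcast address
            continue
        # Some older stacks also answer the all-zeros (network) address as a broadcast.
        if dst in (net.broadcast_address, net.network_address):
            return net
    return None


def find_directed_broadcasts(lines):
    """Flag flows aimed at a local subnet's broadcast address from outside that subnet."""
    hits = []
    for line in lines:
        try:
            src_s, dst_s, proto = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:           # malformed record: skip it
            continue
        net = broadcast_subnet(dst)
        # A source inside the subnet is an ordinary local broadcast, not a directed one.
        if net is not None and src not in net:
            hits.append((src_s, dst_s, proto, str(net)))
    return hits


if __name__ == "__main__":
    for hit in find_directed_broadcasts(SAMPLE_FLOWS):
        print("directed broadcast: src=%s dst=%s proto=%s subnet=%s" % hit)
```

In an amplification attack the source address on such flows is normally forged to be the victim's, so a hit identifies the subnet that needs filtering rather than the party who sent the traffic.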