Berkeley CSUA MOTD:Entry 20529

2001/2/7-8 [Computer/SW/Security] UID:20529 Activity:nil
2/7     http://www.nwfusion.com/news/2001/0205ddos.html
        No light at the end of the tunnel for preventing/protecting against
        DDoS attacks.
        \_ This is not an engineering problem, but a law enforcement problem.

Cache (8192 bytes)
www.nwfusion.com/news/2001/0205ddos.html
In fact, everyone's still pretty much in the dark - literally, in one case - when it comes to finding a silver bullet. A recent meeting of the DDoS Working Group, a forum organized last year to plot network defenses, was conducted solely by the light of laptops after KPMG International's Silicon Valley office was visited by one of California's rolling blackouts. In the ghostly glow could be discerned John Zent, manager of risk management for Yahoo, and Allen Yousefi, information security officer at eBay, along with representatives from security vendors eager to woo these top e-commerce firms. According to several attendees, Yahoo and eBay are more than just dismayed by the slow pace of finding technical defenses to denial-of-service attacks and the even more nefarious distributed denial-of-service attacks, which let an individual launch IP attack streams from hundreds, or even thousands, of compromised computers. Web site operators are frustrated by the apparent inability of ISPs and Web-hosting providers to quickly filter out denial-of-service attack traffic when it pours into their routers and servers. Whether a low-grade nuisance or the kind of multibarreled assault that upended Microsoft's sites for three days recently, this "bad" traffic is eating up bandwidth and at times blocking legitimate traffic to the most prominent e-commerce sites. Despite the gloom, there are many efforts under way to cope with all manner of denial-of-service threats. The DDoS Working Group is doing what it can to spur cooperation among ISPs. The group plans to publish recommendations for automated distributed denial-of-service defenses by the end of March.
The document is expected to define a common intrusion-detection method for collecting and measuring the percentage of bandwidth being consumed and a flow tag to identify traffic and other Layer 2 data collected from the packets. A firewall or other network device that implemented the DDoS Working Group specification would be able to report the start of an attack to the ISP, and other ISPs using compatible equipment would be able to share the information. But it's uncertain whether ISPs can interact smoothly even if equipment makers support a common security specification, which may leave this as yet another security proposal that never got off the drawing board. This much is clear: ISPs play the critical role in the distributed denial-of-service endgame against attackers, who are heavily armed with denial-of-service "malware," software posted at hacker sites for free use. And most of the intrusion-detection analysis and filtering that ISPs do is manual and difficult. Moujtahed says ISPs are trying to do their part by installing antispoofing filters and cooperating with competitors through informal agreements hashed out in the ISP Service Consortium, which meets monthly. Those attacks forced most of the victimized e-commerce sites offline for about three hours. In the heat of battle to block the blitz of IP packets, ISPs did what they could through filtering bad traffic and claimed victory when it ended. But security experts familiar with what occurred agree that this filtering accomplished little and that relief came because Mafiaboy simply stopped his attacks after three-hour intervals. Like many experts, Huerta says the work ISPs did manually filtering bad traffic didn't stop Mafiaboy's attacks. And though law enforcement officials did extensive work bringing him to justice, one reason they succeeded was that he bragged about his exploits in an Internet chat room. 
Microsoft two weeks ago became the latest high-profile victim of a distributed denial-of-service attack, though no one seems to be bragging about causing it. Microsoft declined to explain its response to the attacks, other than to say it was working with the Federal Bureau of Investigation. However, CIO Rick Devenuti acknowledges that Microsoft "accepts full responsibility" for the inconvenience to its Web users. He says the company hadn't applied "sufficient self-defense" by using third-party products at the front end of its core network. There are stopgap measures that Web sites can take to shore up defenses, such as using as many load-balancing and high-speed pipes as they can, as well as intrusion-detection systems that can indicate suspicious activity is suddenly on the radar screen. Fidelity Investments and Bear Stearns reportedly deployed Top Layer Networks' AppSwitch with its intrusion-detection features after last February's attacks on e-commerce sites. Overall, there's a more sober-minded assessment of the problem among vendors than a year ago. Cisco last February claimed that making use of ingress filtering in routers, a technology described in IETF draft RFC 2267plus, would stop denial-of-service attacks. But Cisco and a number of venture capital firms are investing in start-ups that are promising to develop comprehensive defense systems for distributed denial-of-service attacks. Another start-up, Arbor Networks, is also striving to find a cure. So, too, are established security vendors, including Internet Security Systems (ISS). Allen Wilson, director of emerging technologies at ISS and a DDoS Working Group member, says tracing this type of attack remains "very manually intensive and time-consuming. Whenever a Web outage occurs, security experts always suspect denial of service, even if the business blames internal screw-ups.
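Ingress filtering as named in the article (RFC 2267) is a source-address check at the provider edge: a packet is forwarded only if its source lies in a prefix assigned to the interface it arrived on, which drops forged sources but still passes floods sent from compromised hosts under their real addresses. The Python sketch below is an added example, not code from the article or any vendor; the interface names, prefixes and packets are constructed.

```python
import ipaddress
from collections import Counter

# Constructed edge-router table: customer-facing interface -> prefixes assigned
# to that customer (documentation address ranges only).
ASSIGNED = {
    "cust-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/25"],
}
TABLE = {ifc: [ipaddress.ip_network(p) for p in nets] for ifc, nets in ASSIGNED.items()}


def ingress_verdict(interface, src):
    """Forward only if src lies in a prefix assigned to the arrival interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-malformed"
    nets = TABLE.get(interface)
    if nets is None:
        return "drop-unknown-interface"  # fail closed on unprovisioned ports
    # Membership is False across IP versions, so a mixed v4/v6 table is safe.
    if any(addr in net for net in nets):
        return "forward"
    return "drop-spoofed"


def filter_packets(packets):
    """Return (forwarded packets, Counter of verdicts) for (interface, src, dst)."""
    forwarded, verdicts = [], Counter()
    for ifc, src, dst in packets:
        verdict = ingress_verdict(ifc, src)
        verdicts[verdict] += 1
        if verdict == "forward":
            forwarded.append((ifc, src, dst))
    return forwarded, verdicts


# Constructed traffic, most of it aimed at one victim address.
SAMPLE = [
    ("cust-a", "192.0.2.17", "203.0.113.10"),      # compromised host, real address
    ("cust-a", "198.51.100.9", "203.0.113.10"),    # forged: prefix belongs to cust-b
    ("cust-a", "10.1.2.3", "203.0.113.10"),        # forged: private range
    ("cust-b", "198.51.100.200", "203.0.113.10"),  # outside cust-b's /25
    ("cust-b", "198.51.100.9", "203.0.113.10"),    # compromised host, real address
    ("cust-a", "2001:db8:a:1::5", "2001:db8:ffff::1"),
    ("cust-c", "192.0.2.1", "203.0.113.10"),       # interface not provisioned
]

if __name__ == "__main__":
    kept, counts = filter_packets(SAMPLE)
    print(dict(counts))
```

The two forwarded IPv4 packets are attack traffic with truthful source addresses, so the filter does not stop them; what it does is make them traceable to the customer interface they entered on.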
Online auction vendor eBay has suffered several Web outages in recent months that many security experts suspect were denial-of-service attacks, something eBay vehemently denies. However, it was clearly a denial-of-service attack that disabled much of the Undernet, part of the Internet Relay Chat network, in early January. After last February's attacks, the Clinton administration asked the IT industry what it could do to help combat what everyone suddenly realized was a dangerous situation on the 'Net. It took 11 months to come forward with a plan, but 19 high-tech corporations recently formed an organization called IT Information Sharing and Analysis Center (IT-ISAC), which will run a so-called "virtual center" to share information about denial-of-service attacks and software vulnerabilities in general. Founding members are paying almost $1 million for the privilege, although general membership fees, which won't include access to all the information, drop as low as $5,000. The organization's database of shared information, which will be managed by ISS, is intended to help solve security problems, so vendors accessing this sensitive information have agreed not to use it as a marketing weapon. Those who expected ISPs to roll out new technologies or services to help stop these attacks in the past 12 months have surely been disappointed. ISPs are essentially using the same spot-filtering and monitoring techniques today as a year ago. Nevertheless, ISPs claim heightened awareness and vigorous monitoring have helped reduce damage. One of the most common reasons why ISPs are not setting up IP address filtering is because it can slow the network. However, if filtering is integrated into network devices, performance should not be hurt, Cooper says. 
Vint Cerf, senior vice president of Internet architecture and technology at WorldCom, says that standard load-balancing and content-distribution techniques that many Web-hosting service providers use reduce the negative impact of these attacks. In addition to distributing legitimate traffic, load balancing and caching distribute rogue distributed denial-of-service packets so one server is not crumbling under the weight of an attack. ISPs also see hope in specifications being developed by the Internet Engineering Task Force. I-Trace is one preliminary technology that will allow ISPs to quickly find where a distributed denial-of-service attack originates. ...