Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: RE: Blitzkrieg Server -- For Real?!

RE: Blitzkrieg Server -- For Real?!

Catherine Francis (cfrancisintrusion.com)
Mon, 11 May 1998 10:35:21 -0400

This article has been the source of a certain amount of speculation and
amusement here. The general feeling, as summed up by one of our

to be honest, it reads like the drivel that New Agers spout about their
version of Gaia: lots of anthropomorphisms, veiled allusions to some
gestalt formed by the intensive interaction of distributed sub-entities,
and all that.

Personally, I believe not a single word.

What I will believe they have is a traffic monitor, sifting through
conversations and matching patterns. Three days' advance warning? Hogwash.
What they probably got was the slow start of the attack -- it was just the
well-known land2, by the way -- so the filters were in place when the main
attack came. CIA claims it's dangerous? If it were they would quietly study
it (besides, the NSA would be a more likely agency to get involved), not
spout militaristic drivel.

It was amusing to read that the "Blitzkrieg virtual machine" is "subsuming
and taking over" NT. I cannot conceive of any situation where this
statement might be true, unless "Blitzkrieg" is a human or machine
intelligence ... and they most emphatically don't have a sentient being
locked up in an NT box.

Also, check out the buzzword quotient: lots of martial background music, a
high incidence of vague-but-nice-sounding words, and the whole thing reads
as if the shop spouting it was the last defense of the Free United States
against the Communist Onslaught or the Yellow Peril.

Finally, a minor item which totally and absolutely discredits the entire
load of bull crap: The land2 attack they refer to was done using spoofed
source IP addresses. Unless _every_ router from the attacker keeps a
complete traffic log, _including_ the port/line from which a particular
packet was received, it is not possible to trace such a spoof back after
the fact. (It is extremely hard to do _while_ it is happening; compare to
an old-style phone trace, looking at relays and calling the next exchange
up the line.) For MAE-West alone, such a log would be around one gigabyte
*per*second*! Of course, the product could have "invaded, reintegrated and
subsumed" the entire routing chain upstream towards the attacker to locate
the source -- which would mean that Blitzkrieg is, on the fly, able to
generate and upload replacement OSes for a myriad of special-purpose
processors in a myriad of configs from Cisco, Bay Networks, and so on.
(Note -- Cisco products require a command from a privileged console before
even thinking about loading a new OS file.) And all that without disturbing
normal operations or alerting the NOC duty engineers to the fact that their
routers were taken over ...

To summarize: A sales spiel or an outright hoax..

Catherine Francis
Research & Development Coordinator
(212) 348-8900
Intrusion Detection, Inc.
A Security Dynamics Company
Makers of the Kane Security Analyst and Kane Security Monitor,
tools to ensure the overall security of your network

From: aragerMcGraw-Hill.com[SMTP:aragerMcGraw-Hill.com]
Reply To: aragerMcGraw-Hill.com
Sent: Wednesday, May 06, 1998 6:59 PM
To: firewall-wizardsnfr.net
Subject: Blitzkrieg Server -- For Real?!

     Hello Wizards,

     Came across these links on CNN and the May98 issue of Signal Magazine.


     or the vendor's site


     Article describes new technology developed by a Quantum Physics
     theorist. It's called the Blitzkrieg Server, and seems to be a highly
     advanced AI engine and counter-attack engine for network security.
     The counter-attack supposedly viraly infects the entire network that a
     hacker originates from.....somemhow. Seems to have sparked some
     interest from the CIA and such.

     Anyone else heard of this? Seems like pure hype based on fiction to
     me....Is this pure marketing smoke, or is there some sort of unreal
     counter-attack technology bundled into this product?

     Anton Rager

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:54 CDT