NFR Wizards Archive: Re: Denial of service

Re: Denial of service


ICMan (shane_masonsecurecomputing.com)
Wed, 19 Aug 1998 18:46:31 -0400


Ted Doty wrote:
> Anyone who wants to can crash your Internet router. If you've patched it
> sufficiently that this is not possible, they can crash your ISP (who almost
> certainly is *not* patched sufficiently). If this doesn't work, they can
> smurf you from some vulnerable third party. Using some poor slob who's
> vulnerable to smurf and has a T3 Internet feed is always good for a laugh
> with the d00dz.
>
> This doesn't even begin to address issues like resource poisoning: classic
> examples of this are email spam and folks tossing flame bait on newsgroups.
> These "attacks" are more social, but result in fewer people using the
> poisoned resources.
>
> If your network positively has to be up for mission critical applications,
> don't connect it to the Internet.
>
> - Ted
>
> -----------------------------------------------------------------------
> Ted Doty, Internet Security Systems | Phone: +1 678 443-6000
> 6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479
> Atlanta, GA 30328 USA | Web: http://www.iss.net
> -----------------------------------------------------------------------
> PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE

Denial of service attacks can, for the most part, be guarded against
with good "perimeter security devices" (read: Firewalls) and good
security practices.

I think that your last assertion is a bit of overkill on the FUD. What
is "absolutely mission critical"? Can I connect my network to the
Internet with a router "patched sufficiently to make [hacking]
impossible" and then put my mission critical stuff on a private, secure
WAN? CERN in Geneva provides real-time data feeds from their
accelerator lab at 10Mbps to certain research groups. This is
"absolutely mission critical", because the data in the stream has to be
free from contamination. However, I should still be able to connect my
network to the Internet if I take sufficient precautions.

For example, I can have a really well locked down Firewall as my
Internet gateway, and then also have a really tight Firewall in front of
my research network. I have to take very good care to configure the
Firewalls and routers correctly, and I need to make damn sure that the
latest security patches are applied, but if my Internet connection goes
down because someone blew my ISP away, I care very little because the
data feed that is my bread and butter is coming from a different source.

Other examples of this are retail chains that have hooks to credit card
companies, investment houses that have hooks to exchanges, etc.



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:40 CDT