RE: Attacks on GRC.com

From: Dave Salovesh (salovesh@ramassociates.com)
Date: 02/28/02


From: Dave Salovesh <salovesh@ramassociates.com>
To: 'HarryM' <harrym@the-group.org>, incidents@securityfocus.org
Date: Thu, 28 Feb 2002 16:48:33 -0500

Harry,

The attack Gibson describes uses two or three long-known methods. I don't
know if this particular mix deserves a name of its own, but I certainly
haven't heard one.

Here's much more of a poke at Gibson, but it's also a pretty good rebuttal
(of Gibson's GENESIS solution, at least) from Thomas C. Greene:

http://www.theregister.co.uk/content/55/24189.html

-- 
Dave Salovesh
RAM Associates, Inc.
(800) 543-3635

> -----Original Message-----
> From: HarryM [mailto:harrym@the-group.org]
> Sent: Thursday, February 28, 2002 5:46 AM
> To: incidents@securityfocus.org
> Subject: RE: Attacks on GRC.com
>
>
> To the moderator:
> I'm not sure if this is on-topic for incidents since it's kind of a poke
> at Steve Gibson as well as a question :)
> Would you mind sending this to the appropriate list if incidents is the
> wrong one? I'm on incidents, bugtraq, vuln-dev and webappsec.
> Thanks.
>
> RE Gibson's 'report' here: http://grc.com/dos/drdos.htm
>
> I know I heard about this type of attack quite some time ago, although I
> don't remember it being given a name. Gibson has dubbed this a 'Distributed
> Reflection Denial of Service' attack in his typical 'media-darling' style.
> Has the *real* security community given this type of attack a name? If so,
> what? And is there any defence, possibly automated, that server admins can
> implement against innocent servers being abused in this way by crackers? Are
> there any IDSs that can detect this type of activity?
>
> I'm new to security in general so forgive me if any of those questions are
> dumb!
>
> Harry
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
