
[cobalt-security] RE: OT: Mail to Windows Admins (WAS: Hacking Hacking My RAQ4i) (Michael J. Cannon)



> Oh, goody...so, during a time when the packet loss, traffic levels and
> overall affectors of Internet Lag Time are at their highest levels in a
> while, you folks are gonna look up a DNS RARP, then manually reverse-DNS the
> result, do a whois to the INTERNIC (or ARIN or other TLD authority), and
> then send a quantity of email to IP addresses that could have been spoofed.
> How much traffic is that?  Isn't this 'cure' worse than the disease?

If you bother to take a look at what Code Red was, you would see that whilst
it tries to attack 10 machines at random, it is not performing the DDoS. So
by sending this email automatically before the DDoS you could stop these
vast amounts of packets. Also, Code Red does not spoof and can be disabled by
rebooting the machine. I am sure that as an administrator you now know what
happens if a machine on your network spams email; in future the same might
happen if a machine is found to partake in a DDoS. Think about SubSeven
trojans and how easily they spread; soon networks could be removed because of
this.

------ DIFFERENT NOTE
On a separate note, I do not think there is any problem with FrontPage Server
Extensions YET. Code Red cannot even infect NT4 machines; it causes them to
reboot rather than infecting them. I doubt there will be a version for UN*X
anytime soon (next month or so).


Gareth
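The automatic-notification idea argued over above (spot the worm's scan in your own web logs, then mail the owner of the scanning host before the DDoS phase starts) can be illustrated with a short detection script. This is an added example, not code from the cobalt-security list or from either poster; the log lines are constructed, the IP addresses are documentation ranges, the `hostmaster@example.net` sender is a placeholder, and the abuse-contact lookup (reverse DNS, whois) is deliberately left to the operator so the script runs offline. It relies on one fact not stated in the thread: Code Red's scan is a `GET /default.ida?` request whose query string is a long run of `N` (or `X` in the later variant) followed by `%u`-encoded payload, which an Apache server such as the RaQ's logs as a 404.

```python
"""Find Code Red scan attempts in a web access log and draft one abuse
notice per scanning host.

Added example for the cobalt-security thread; not the list's or any
poster's code. Sample log lines are constructed (RFC 5737 addresses).
"""
import re
from collections import defaultdict

# NCSA common log format as written by Apache (what a RaQ would log).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The worm overflows the IIS .ida ISAPI filter with a GET for
# /default.ida whose query is a long run of 'N' (original variant) or
# 'X' (the later "Code Red II" variant). A short or absent run is not
# the worm, so require at least 20 filler characters.
PROBE_RE = re.compile(r'^/default\.ida\?(?:N{20,}|X{20,})')


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_codered_probe(path):
    """True when the request path matches the worm's scan signature."""
    return bool(PROBE_RE.match(path))


def find_probe_sources(log_text):
    """Map each source IP that sent a Code Red probe to its timestamps.

    The probe is an HTTP request, so it rides on a completed TCP
    handshake: the client address in the log is the real sender and
    cannot have been spoofed, which is why notifying it makes sense.
    """
    sources = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and is_codered_probe(rec["path"]):
            sources[rec["ip"]].append(rec["ts"])
    return dict(sources)


def build_notice(ip, timestamps, reporter="hostmaster@example.net"):
    """Compose the text of an abuse notice for one scanning host.

    Resolving the abuse contact (reverse DNS, whois) is left to the
    operator; this only assembles the evidence block. The reporter
    address is a placeholder.
    """
    lines = [
        f"From: {reporter}",
        f"Subject: Code Red worm activity from {ip}",
        "",
        f"The host {ip} sent {len(timestamps)} Code Red scan(s) to our web",
        "server and is most likely an infected IIS machine. Please check it.",
        "",
        "Timestamps (server clock):",
    ]
    lines.extend(f"  {ts}" for ts in timestamps)
    return "\n".join(lines)


# Constructed sample: two infected hosts, one benign client, one
# non-worm request to default.ida, and one unparsable line.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [19/Jul/2001:14:01:03 +0000] "GET /default.ida?'
    + "N" * 40 + '%u9090%u6858%ucbd3%u7801 HTTP/1.0" 404 276',
    '198.51.100.22 - - [19/Jul/2001:14:01:05 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [19/Jul/2001:14:02:10 +0000] "GET /default.ida?'
    + "N" * 40 + '%u9090 HTTP/1.0" 404 276',
    '192.0.2.45 - - [19/Jul/2001:14:03:44 +0000] "GET /default.ida?'
    + "X" * 40 + '%u9090 HTTP/1.0" 404 276',
    '198.51.100.22 - - [19/Jul/2001:14:04:00 +0000] "GET /default.ida?short HTTP/1.1" 404 276',
    'garbage line that does not parse',
])


if __name__ == "__main__":
    for ip, stamps in find_probe_sources(SAMPLE_LOG).items():
        print(build_notice(ip, stamps))
        print("-" * 60)
```

Run as a script it prints one draft notice per scanning address; on a real log, feed the file contents to `find_probe_sources` and do the reverse-DNS and whois step once per address rather than once per log line, which is the traffic the quoted poster was worried about.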