A modest proposal

Allan Chong put this into my mailbox:

> This discussion of securing dialup servers is pointless. I guarantee
> you that the 2000 packet/second SYN attacks we've been seeing are
> coming from a compromised host on a high speed connection and not from
> someone's 28.8k dialup connection. The hackers just take over a
> machine, use it to launch their attacks, and disappear into the jungle
> if we manage to find the particular machine they're using tonight.
>

Yes, I realize no one is launching directly from dialup, but often,
the user is someone who originally dialed up and telneted to some box
(or through multiple boxes).

I'd just like to offer some perspective here. The majority of these types
are complete idiots - and this is speaking from experience. For some reason
or other a lot of these get their start on IRC, and then go from there, and
I get to see them in the 'formative stages', as it were.

I haven't used any myself, but apparently there are several software
packages out there with a pretty graphical front end, complete with
Hollywood-style "Click to destroy machine" buttons and menus.

I have indeed seen that the majority of these types believe that it's
perfectly possible to ping -f or nuke/SYNflood/whatever a machine from a
14.4k or 28.8k dialup. Granted it may not be as bad as the Panix case, but
it's still an incredible nuisance.

What I'm trying to say is don't dismiss this as not possible. With the
current level of public education about the Internet - "How do I get to that
superhighway information thing? I'm interested in Route 25.." - it can and
is very possible that people will do things like this from a 28.8k. I've seen
it happen.

(I'm not trying to say there isn't a range, though - I've gotten several
"I'll destroy your machine with my tee3 account!" threats as well.)

-dalvenjah

  Dalvenjah FoxFire, the Teddy Dragon (also known as Sven Nielsen to some :)
                dalvenjah@dal.net --- dalvenjah on IRC
     Remember: if you're not on DALnet, you're on the wrong IRC server!!
       (/serv irc.dal.net 7000 or telnet telnet.dal.net to try it out)

   I'd just like to offer some perspective here. The majority of these types
   are complete idiots - and this is speaking from experience. For some reason
   or other a lot of these get their start on IRC, and then go from there, and
   I get to see them in the 'formative stages', as it were.

<ahem> Some of them even put their IRC names in their .signatures
(present company excluded of course) :)

   I haven't used any myself, but apparently there are several software
   packages out there with a pretty graphical front end, complete with
   Hollywood-style "Click to destroy machine" buttons and menus.

Uh huh, right. If you ever actually see anything like this, lemme know.

   I have indeed seen that the majority of these types believe that it's
   perfectly possible to ping -f or nuke/SYNflood/whatever a machine from a
   14.4k or 28.8k dialup. Granted it may not be as bad as the Panix case, but
   it's still an incredible nuisance.

The only "nuisance" will be if you notice it; that is actually not
very likely. The casual "victim" will be happily oblivious to a
pingflood coming from a 14.4k dialup unless he too happens to be on a
14.4k dialup.

   What I'm trying to say is don't dismiss this as not possible. With the
   current level of public education about the Internet - "How do I get to that
   superhighway information thing? I'm interested in Route 25.." - it can and
   is very possible that people will do things like this from a
   28.8k. I've seen it happen.

Oh, sure, they'll *try* it, but the results will be boring. They
don't get the machine to go "boom", and after a suitable period of
trying, they go back to IRC.

   (I'm not trying to say there isn't a range, though - I've gotten several
   "I'll destroy your machine with my tee3 account!" threats as well.)

You've got a whole lot more to worry about from him -- at least he has
the bandwidth to make good on a threat to make your life difficult via
brute force.

                                        ---Rob

* *
* * I haven't used any myself, but apparently there are several software
* * packages out there with a pretty graphical front end, complete with
* * Hollywood-style "Click to destroy machine" buttons and menus.
* *
* * Uh huh, right. If you ever actually see anything like this, lemme know.