:: Joe Shaw writes ::
> Next there is a rumor that 8000 users have been infected with a tweaked
> system.exe file that makes that user a smurf amplifier unwittingly. These
> are things to watch for. I wish there was an easier way to break bad news.I fell out of my chair at that statement. One user/host cannot be a smurf
amplifier; one network from a /30 and down can with different results.
If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I
recieve, how is my PC signifigantly different than a /24 behind a
router that doens't have "no ip directed-boradcast" (or it's
equivalent) configured, with 100 devices on it that all respond to ICMP
ECHOs addressed to the boracast address?
I'm not saying that I believe this rumor (or even that I've heard it
before now), nor am I saying that the rumor has as much thought behind
it as my previous paragraph does, nor am I saying that if you were
going to implement such a thing on a Windows machine that you would
implement it in system.exe. (I'm not even saying that system.exe
exists.)
But I am saying that such a thing is technically feasible. And I am
saying that there are people out there who are not above writing a
virus that facilitiate the use of other people's machines in DOS
attacks.
- Brett (brettf@netcom.com)