Sobigf + BGP

Guy_Tal · August 23, 2003, 11:21pm

'vuln'dev', and besides I wouldn't think that any
one here would do something malicious with any idea
that actually worked for the worse.

Assuming that everyone subscribed to the list has the best of intentions,
what about people that can scan the publicly accessible archives? Or even
the search engines that have nanog archives indexed? There's nothing wrong
with kicking ideas like this around with the intention of coming up with a
strategy on how to combat them, but perhaps a more discreet forum would be
appropriate?

I didn't get a chance to look at your idea very closely, but there are
interesting possibilities brought up.

Guy

Stephen_J_Wilcox1 · August 24, 2003, 10:51am

There are a lot more people subscribed to the list than you actually see
posting, I'm sure many of them are representatives of the l33t h4x0r community..

My impression of most of these people is that they are very clever, and unless
you post something here that is really brilliant thinking the chances are these
guys can come up with most of the ideas themselves.

Steve

Etaoin_Shrdlu · August 24, 2003, 11:54am

"Stephen J. Wilcox" wrote:

> "J. Oquendo" wrote:

> > 'vuln'dev', and besides I wouldn't think that any
> > one here would do something malicious with any idea
> > that actually worked for the worse.

Stunning innocence. I had to read this statement at least four times to be
sure that I was not mistaken. Then I examined the headers, and I wonder if
you (J. Oquendo) are being a bit disengenous. You may be well-meaning, but
I cannot believe that anyone believes such a thing.

> Assuming that everyone subscribed to the list has the best of intentions,
> what about people that can scan the publicly accessible archives? Or even
> the search engines that have nanog archives indexed? There's nothing wrong
> with kicking ideas like this around with the intention of coming up with a
> strategy on how to combat them, but perhaps a more discreet forum would be
> appropriate?

We have seen that many people *posting* do not have the best of intentions;
I can assure you that there are lurkers on Nanog (surprise, surprise) who
are not nearly as naive and well-intentioned as J. O. would hope. In fact,
I know that there are subscribers from various print media, various on-line
media, and certainly some stunningly unpleasant characters that I run into
on other lists.

There is no such thing as a discreet forum. If you mean by that, a few
people exchanging emails, then surely that is not a forum, not being
public. If it is publically accessible, and you aren't sure of precisely
every member that's on it, then it's NOT discreet. It may be obscure, but I
know plenty people who specialize in the obscure.

There are a lot more people subscribed to the list than you actually see
posting, I'm sure many of them are representatives of the l33t h4x0r community..

Those are hardly the persons you need worry about. There *is* no hacker
community. There may be pockets here and there, with people of varying
skills, and purposes, but there is no community.

On the other hand, this is almost certainly not a topic for Nanog, even if
the word BGP does appear in the original post.

Sounil_Yu · August 25, 2003, 12:17am

My impression of most of these people is that they are very clever,
and unless you post something here that is really brilliant thinking
the chances are these guys can come up with most of the ideas
themselves.

When Blaster hit back on Aug 11, I remembered an earlier NANOG post that I
saw:

I was just thinking the other day, wouldn't it be funny if there was a
worm that had infected machines attack windowsupdate.microsoft.com so
you couldn't patch?

Despite the windowsupdate.microsoft.com vs windowsupdate.com difference, the
paranoid side of me thinks that this was more than coincidental...

-Sounil

Adam_Maloney1 · August 25, 2003, 1:02am

And my wife said 2 days at fortuneteller camp was a waste of money - Hah!

This is neat, maybe I can make some more stuff happen. "Tomorrow I will
win the lottery." "My next Qwest bill will be correct."

Incidentally, I'd dump that stock you just bought - the CEO of that
company is going to be involved in a little "incident" next week involving
2 goats, a paper mache' reconstruction of the Eiffel tower, and a well
known youth organization.

The oracle has spoken

When Blaster hit back on Aug 11, I remembered an earlier NANOG post that I
saw:

Subject: Re: Microsoft.com attack?
> I was just thinking the other day, wouldn't it be funny if there was a
> worm that had infected machines attack windowsupdate.microsoft.com so
> you couldn't patch?

Despite the windowsupdate.microsoft.com vs windowsupdate.com difference, the
paranoid side of me thinks that this was more than coincidental...

-Sounil

Adam Maloney
Systems Administrator
Sihope Communications