HP3000-L Archives

July 2001, Week 5

HP3000-L@RAVEN.UTC.EDU

From: "Johnson, Tracy" <[log in to unmask]>
Reply To: Johnson, Tracy
Date: Tue, 31 Jul 2001 09:57:32 -0400

I usually power down my stuff when not at home.
But I imagine Bruce must have reasons for leaving
his equipment turned on.  (Must be that California
energy surplus spilling over into Arizona.)
...

From what I've read of the CERT reports, the
"Code Red" virus attacks specific vulnerabilities
in the NT and W/2K IIS systems.  Does that mean, like
Bruce queries, that NT is intrinsically vulnerable?
No, it just means some doofus at MS left a big
gaping hole somewhere that needed to be plugged.

I ramble on...
It follows as a system gets less used, it becomes
less vulnerable to attacks, ... only because the
hacker will probably not write code to attack it.
(Or obtain the hardware to run it on.)  For example,
I think it may be a safe bet that less code is being
propagated to attack MPE, Win 3.1, MS-DOS, or
Apple ][  ;^) type systems anymore.  And it isn't
that difficult to get such hardware, at a "garage
sale" for example.  It just isn't glamorous for
a hacker to write virii on these platforms, and
it therefore does not fit into the criminal profile
of a hacker's ego.

Does this mean then, that part of the popularity
the HPe3000 community seeks ... (and if granted
by the HP Marketing gods) would cause the MPE/iX
O/S to start being attacked more frequently?

Sounds like an interesting study.  The cataloguing
of frequency and type of attacks over the life-span
of an O/S.  Wonder what kind of bell-curve that
makes?  And what kind of graphic would it be when
overlaid with various O/S over a timeline?  And
what would be the variable used to indicate O/S
'popularity'?

Tracy Johnson
MSI Schaevitz Sensors


>-----Original Message-----
>From: Bruce Toback [mailto:[log in to unmask]]
>Sent: Monday, July 30, 2001 10:02 PM
>To: [log in to unmask]
>Subject: Re: A real threat, it appears
>
>
>Tom Emerson writes:
>
>>The end
>>result is that while the Unix firewall "held up" under attack (i.e., it did
>>not affect other processes on the box), there is a very high likelihood
>>that a similar attack on Microsoft products will either crash the system
>>or "break through" and affect internal traffic.
>
>This sounds like what Wirt Atmar has termed an "adult bogeyman story". As
>anyone who's been unfortunate enough to read my past posts knows, I'm not
>at all fond of most Microsoft software. But I've never seen any reviews
>or reports indicating that high traffic rates will crash an NT system.
>And the idea that high traffic rates will somehow "break through" seems
>like it came from someone who didn't understand that "firewall" is a
>metaphor, not a specification.
>
>If you know of any reliable information indicating that NT is
>intrinsically less reliable as a firewall platform, please post the
>references so the rest of us can understand the issues.
>
>>'Those that would do
>>you harm' [the "negative" connotation of hacker/cracker] know this is
>>typically the case and devise attacks against Microsoft products [and most
>>likely originate these attacks from Unix systems...]
>
>There have been many attacks devised against not only Linux, but Sun and
>HP-UX as well. Most of the high-profile defacements (for example, the New
>York Times) have been against Sun, just because Sun servers run so many
>high-profile sites.
>
>Moreover, the firewall you're running is irrelevant for the Code Red
>worm. This attack happens to be especially pernicious because both the
>probe packet and the attack packet look like ordinary HTTP transactions
>to a firewall, which will happily let them through to a web server.
>
>>this is drifting off-topic unless
>>someone can point out how an HP might be adversely affected by "code red"
>>running rampant through an intrAnet...)
>
>Once the worm is on the intranet, it will use all available bandwidth to
>attack servers outside the intranet. That's how I discovered an infected
>system at my house: the modem here at the office that connects my home
>network to the Internet had its RX light on almost solid. Nobody was home
>at the time except the cats, and there's no way that two cats can
>generate that much outbound network traffic. The high rate of outbound
>traffic generated by the worm means that your users -- and your HPe3000
>-- will be unable to transfer data through your Internet connection.
>
>-- Bruce

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
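
The symptom described in the quoted message (an infected host filling the link with outbound traffic that a firewall passes as ordinary HTTP) can be looked for by counting how many distinct external addresses each internal host contacts on port 80. This is an added example, not part of either post; the flow-record layout, the internal address range and the threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed internal range; adjust to the network being monitored.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")


def build_sample():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # A workstation browsing: the same three external web servers, revisited.
    for t in range(0, 60, 5):
        flows.append((t, "192.168.1.10", f"198.51.100.{t % 3 + 1}", 80))
    # A host behaving like the infected one: a new external address
    # on port 80 every second.
    for t in range(60):
        flows.append((t, "192.168.1.20", f"203.0.113.{t + 1}", 80))
    # Internal-to-internal traffic, which the detector ignores.
    flows.append((1, "192.168.1.10", "192.168.1.20", 80))
    return flows


def fanout_suspects(flows, window=60, threshold=30, port=80):
    """Flag internal hosts that reach many distinct external hosts on `port`.

    Flows are grouped into fixed `window`-second buckets (not a sliding
    window). Returns {src_ip: largest distinct-destination count seen in
    any one bucket} for hosts whose count is at or above `threshold`.
    """
    buckets = defaultdict(set)  # (src, bucket index) -> destination set
    for ts, src, dst, dport in flows:
        if dport != port:
            continue
        if ipaddress.ip_address(src) not in INTERNAL:
            continue  # only outbound traffic from our own hosts
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # the firewall never sees internal-only traffic
        buckets[(src, ts // window)].add(dst)

    worst = defaultdict(int)
    for (src, _bucket), dsts in buckets.items():
        worst[src] = max(worst[src], len(dsts))
    return {src: n for src, n in worst.items() if n >= threshold}


if __name__ == "__main__":
    for host, count in fanout_suspects(build_sample()).items():
        print(f"{host}: {count} distinct external port-80 destinations")
```
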
