Re: Rootkit RE: [PROPOSAL] DDOS - Distributed DoS (1 candidate)
On Wed, Feb 16, 2000 at 09:28:35AM -0500, Pascal Meunier wrote:
> Scott, you are assuming that the people who have the tools installed
> are unwilling. Let's say theoretically speaking that there is an
> underground hacker group (or student association) who is hooked up to
> DSL lines (like in university residences) and who thinks that it
> would be "cool" to form an "army". How about a popular civil
> movement protesting something, like the WTO last summer? I think
> some people would voluntarily "enlist" their computers in a cause
> that would use DDoS attacks. The rootkit analogy does not hold, yet
> the DDoS attacks could be just as effective. However, if the
> university or ISPs implemented egress filtering, the DDoS attacks
> could be easily stopped because the people could be held accountable.
> The crux of the matter is the anonymity provided by IP spoofing.
> You are correct that in most cases, having a DDoS tool installed on
> your system is an exposure like rootkit. Maybe that deserves a CVE
> entry. However, I think that does not capture the nature of the
> DDoS, and that an entry about egress filtering is of utmost
> importance because it patches a fundamental vulnerability of IPv4.
I agree with Scott for no other reason than that there needs to be a CVE
ID so that IDS systems can report these things.
Are we going to start handing out CVE ids for low-level design faults?
E.g. lack of encryption at the IPv4 packet level? lack of resource
allocation protocols? the use of DES instead of Triple DES? etc.
Aleph One / email@example.com
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01