Kuro5hin.org: technology and culture, from the trenches
Microsoft Server Flaw Used Against U.S. Military

By sllort in News
Tue Mar 18, 2003 at 06:39:58 PM EST
Tags: Internet

The computer security community has a set of rules dictating the flow of information when a security problem is discovered. This process dictates that when a researcher finds a security flaw, a report on the problem is delivered confidentially to the vendor providing the flawed software. The vendor releases an advisory on the flaw and a fix to correct the problem, crediting the researcher.

This works pretty well, except when the "researcher" attacks the U.S. Army instead.


When the "researcher" who discovers a security problem is a blackhat, a different process takes place. In this scenario, the blackhat attacks targets of his or her choosing, leaving the vendor scrambling to protect and caution its customers. This time, shortly after attacks were first reported, CERT has a hastily scraped-together advisory and Mitre's CVE dictionary has managed an empty placeholder. When a flaw is used maliciously the day it is discovered, the security community calls this a "0-day exploit".

Most security systems guard against a library of known attacks. Intrusion detection systems and virus scanners both work by comparing data against a library of known, documented attacks and passing anything which does not match. Firewalls guard against access to services which are not designed for public use, but IIS 5.0 and other web servers are designed for public use and are deployed all over the planet.

In short, there is no existing protection mechanism against an attack of this type. Firewalls, IDS systems, and virus scanners are unable to protect the first target of a 0-day exploit. It is easy to assume that this is a worst case scenario, but it is not. A worst case scenario is when a 0-day exploit of this type is built into a worm which delivers a highly malicious payload, such as a secure hard drive wipe. Considering there are millions of servers which are vulnerable to this flaw at the time of the writing of this article, and considering that the SQL/Slammer worm infected most vulnerable hosts in under ten minutes, the possibility exists that in any Internet-connected system, your data may be securely removed from your hard drive at any time. Unix-based systems such as Linux and OS X are far from immune, especially in light of recently discovered flaws in OpenSSH and OpenSSL.

The security community has a popular catchphrase: "Security is a Process". This phrase is an attempt to reinforce the idea that there is no panacea or golden bullet for computer security. Today's attacks served as a reminder to the U.S. Army - and the rest of us - that any data on an Internet-connected hard drive often remains intact by the grace or collective ineptitude of a small community of people who know how to exploit security problems and write assembly code. While many are content to trust this small community of people they've never met, many readers may wish to re-evaluate their data backup procedures.

Poll
My computer security process consists of:
o An update service such as RedHat Network or Microsoft Update 6%
o A Virus Scanner 1%
o A Firewall 10%
o An Intrusion Detection System 1%
o A regular backup procedure 3%
o A single product combining multiple above elements 1%
o Multiple products combining multiple above elements 55%
o Prayer 19%

Votes: 187

Microsoft Server Flaw Used Against U.S. Military | 75 comments (35 topical, 40 editorial, 0 hidden)
Most important sentence in the article (4.50 / 8) (#3)
by pyramid termite on Mon Mar 17, 2003 at 07:56:36 PM EST

many readers may wish to re-evaluate their data backup procedures.

If you want it, back it up.

On the Internet, anyone can accuse you of being a dog.
I agree, and it's why I made it Op-Ed (5.00 / 2) (#6)
by sllort on Mon Mar 17, 2003 at 07:59:03 PM EST

I felt that this timely news bit would serve as a concrete example of why this is so true.
--
Warning: On Lawn is a documented liar.
[ Parent ]
Shared Source (1.66 / 3) (#13)
by kraant on Mon Mar 17, 2003 at 10:11:56 PM EST

I wonder whether it was one of the governments like China or Russia that have access to Microsoft Code who did this? The people who started the whole Microsoft Shared source initiative must be feeling mighty stupid now.
--
"kraant, open source guru" -- tumeric
Never In Our Names...
Security (4.66 / 6) (#14)
by carbon on Mon Mar 17, 2003 at 11:53:33 PM EST

If a security system is actually secure, then reading its source code should not provide you with a way to break it. Otherwise, the system would be useless.


Wasn't Dr. Claus the bad guy on Inspector Gadget? - dirvish
[ Parent ]
why (none / 0) (#16)
by rankor on Tue Mar 18, 2003 at 12:02:30 AM EST

Why would they be feeling stupid?

[ Parent ]
The best security (2.40 / 10) (#20)
by the77x42 on Tue Mar 18, 2003 at 02:48:04 AM EST

Is unplugging a computer and locking it in a room. Short of that, the best security is anything BUT Microsoft. IIS is so flawed you don't even need a NIC to get hit.


"We're not here to educate. We're here to point and laugh." - creature
"You have some pretty stupid ideas." - indubitable

No way man! (none / 0) (#31)
by jt on Tue Mar 18, 2003 at 11:43:16 AM EST

Get PathLock! It's endorsed by Steve Gibson, it's gotta be good!

[ Parent ]
Mindless GNU fanboy (4.20 / 5) (#48)
by CaptainSuperBoy on Tue Mar 18, 2003 at 08:46:57 PM EST

IIS is so flawed you don't even need a NIC to get hit.

If the Army had used MS's IIS lockdown tool they would already be safe from this exploit. The other big hole, the one that allowed code red, was patched months before it was exploited. No, the blame here is still on the user as it usually is.

MS is a great target for you mindless fanboys, all you have to do is pretend it's 1996 and that they still make bad software. Oh no, did you know Winblows 98 can only talk to 128 megs of memory? M$ is so teh crappy!

I'm not fond of this (since I'm doing the same thing as you) but I think I should drop some random names: OpenSSL, Sendmail, Bind.

--
jimmysquid.com - I take pictures.
[ Parent ]

Not a mindless fanboy (5.00 / 3) (#57)
by the77x42 on Wed Mar 19, 2003 at 04:07:58 AM EST

I personally hate linux. I hate windows too though. Fuck, I just hate computers.

Having done dozens of IIS installations, it is flawed out-of-the-box. It should come with much better default security and the IIS lockdown utility should be run automatically.

Ever backup your metabase? Oh ya...

You know you MUST have IIS installed to run Exchange 2000? And if your metabase gets corrupted you are fucked for email? Where is the automatic backing up of the metabase.bin file without having to rummage through the scripts directory and creating a scheduled task? The file gets fucked up for NO REASON.

IIS is flawed like I said; you don't even need a NIC -- it will fuck up on its own.


"We're not here to educate. We're here to point and laugh." - creature
"You have some pretty stupid ideas." - indubitable

[ Parent ]

True (2.00 / 1) (#60)
by CaptainSuperBoy on Wed Mar 19, 2003 at 08:57:18 AM EST

You have some good points there. I won't say IIS is the easiest server to run, I was just talking from a security point of view. It's true that there are some nasty administrative pitfalls but, like security issues, you can deal with them if you know what to do.

--
jimmysquid.com - I take pictures.
[ Parent ]
Sorry, but I have to take issue with the patching (5.00 / 2) (#63)
by L Satyl on Wed Mar 19, 2003 at 10:05:34 AM EST

Specifically since I spent a lot more time than I'd like to on making sure I have every last patch from Microsoft.

Look e.g. at the patch for MS03-003 (the patch for the vulnerability of this article), from a Bugtraq post by Jason Coombs:

[SNIP]

Microsoft Baseline Security Analyzer (MBSA) and Microsoft's version of HFNetChk both failed to detect the presence of the well-known vulnerability in SQL Server exploited by Sapphire, which is one of the reasons so many admins (both inside and outside MS) had failed to install the necessary hotfix. MBSA and HFNetChk are Microsoft's official patch status verification tools meant to be used by all owners of Windows server boxes.

[SNIP]

Unfortunately, the version of HFNetChk distributed by Microsoft (version 3.32) relied on Microsoft's XML file by default. Only admins who downloaded the updated HFNetChk (version 3.86) directly from Shavlik Technologies had a tool that automatically relied on Shavlik's XML file and could therefore detect the vulnerable ssnetlib.dll file and warn that it needed a hotfix during calendar year 2002.

[SNIP]

None of Microsoft's own hotfix/patch status scanning tools designed to prove "baseline security" were able to help administrators avoid Sapphire. This entire scenario, this comedy of errors, illustrates the security risk created by any organization that pushes security around from department to department, passing the buck and hoping that somebody else will know how to deal with the problem. The result is a system so flawed that it borders on the absurd.

Or how about this e-mail, I got today from Russ, Surgeon General of NTBugtraq:

[SNIP]

It seems that MS PSS (Product Support Services) distributed a version of NTOSKRNL.EXE prior to W2K SP3 but after W2K SP2 to some customers together with Hotfixes for other purposes. Versions of NTOSKRNL.EXE between 5.0.2195.4797 and 5.0.2195.4928 (inclusive) are not compatible with the patch delivered in MS03-007. These systems will all report being W2K SP2 and the only way to distinguish them from other SP2 systems (where MS03-007 will work) is by checking the file details. Windows Update is not able to do this (did I say that Windows Update was a dog, or didn't I!).

Ergo, if you use Windows Update (or Software Update Services) you will end up with crashed machines if any of them applied one of these PSS patches (no list has been provided, so you'll just have to guess for yourself).

[SNIP]

Let's hear a collective "Yippy Kiayah ..." for this wonderful mess. Ain't patching using MS tools fun?

No, the blame here is still on the user as it usually is.

Yea, it's all my fault that my systems aren't patched (they are, but not thanks to, rather in spite of, Microsoft).

[ Parent ]
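
The file-version check described in the quoted NTBugtraq message, written as a pre-patch gate over a constructed inventory (added example, not Microsoft's or NTBugtraq's tooling). Only the version range comes from the message; the CSV layout, host names and sample versions are assumptions, and versions are compared as integer tuples because string comparison misorders builds such as 5.0.2195.48.

```python
import csv
import io
import re

# Inclusive range quoted in the message above: NTOSKRNL.EXE builds that are
# not compatible with the MS03-007 patch.
INCOMPATIBLE_LOW = (5, 0, 2195, 4797)
INCOMPATIBLE_HIGH = (5, 0, 2195, 4928)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError otherwise."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return 'hold', 'outside-range' or 'unknown' for one file version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        # An unreadable version is not evidence of safety: check it by hand.
        return "unknown"
    if INCOMPATIBLE_LOW <= version <= INCOMPATIBLE_HIGH:
        return "hold"
    return "outside-range"


# Constructed sample inventory (assumed layout: one row per host, with the
# file version read from NTOSKRNL.EXE's file details on that host).
SAMPLE_INVENTORY = """\
host,ntoskrnl_version
web01,5.0.2195.4797
web02,5.0.2195.4928
web03,5.0.2195.5438
db01,5.00.2195.48
legacy01,unreadable
"""


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["ntoskrnl_version"]) for row in rows}


def hosts_to_hold(inventory_csv):
    """Hosts that should not receive the patch automatically."""
    result = triage(inventory_csv)
    return sorted(h for h, status in result.items() if status != "outside-range")


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {status}")
    print("hold back:", ", ".join(hosts_to_hold(SAMPLE_INVENTORY)))
```
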
Oops (none / 0) (#64)
by L Satyl on Wed Mar 19, 2003 at 10:07:52 AM EST

The post of Jason Coombs is of course related to Sapphire, not MS03-003, nor MS03-007, the vulnerability for this article.

My bad.

[ Parent ]
go to hell you fucking gutter slut (1.03 / 32) (#27)
by turmeric on Tue Mar 18, 2003 at 08:03:45 AM EST

whoring yourself to the army huh? what do you think einstein would say about that? do you think maybe your zealousness to have your little pet project be accepted by society is overwhelming your sense of morality? maybe? you fucking cowardly shitbag?

Question for tumeric (none / 0) (#33)
by duffbeer703 on Tue Mar 18, 2003 at 01:11:25 PM EST

Do you actually login with multiple id's to rate yourself and your rants up, or have you written some sort of scoop-bot?


[ Parent ]
Question for duffbeer703: (none / 0) (#54)
by rasmoh on Tue Mar 18, 2003 at 11:05:52 PM EST

Are you not, in fact, actually tumeric?

'Twas the pride of the peaches.
[ Parent ]
We are all Tumeric (5.00 / 1) (#74)
by ghjm on Thu Mar 20, 2003 at 12:52:42 PM EST

It's the essential tragedy of the human condition.

-Graham

[ Parent ]

i am me (none / 0) (#65)
by turmeric on Wed Mar 19, 2003 at 10:12:12 AM EST

nobody else is me. except that one time a long time ago, but that was ONE story submission. nothing more nothing less.

[ Parent ]
Public review (4.66 / 6) (#29)
by pyro9 on Tue Mar 18, 2003 at 09:41:58 AM EST

This is an area where closed source has a natural weakness. In open source, the code is subject to a wide review process where vulnerabilities are found and closed.

At the very least, this allows a site to have some control over its own security. It may not be possible in practice to check each and every line, but the open discussions on the net allow a site to make a choice based on the statements of their most trusted sources for information. Because the review process is open, a site can choose software based on known factors such as how vigorously it is reviewed, how many flaws a typical release has, and how quickly the holes are closed.

With proprietary code, you have only assurances from someone who wants you to use (and pay for) the software. The security review (if any) is not subject to evaluation.

For widely used software, open source will be reviewed by many more experts than any closed source. That can't absolutely guarantee that no flaws exist (especially truly novel attacks), but it can go a long way.

While blackhats can also take advantage of the source code, they are still limited by its openness. With closed source, if an exploit is found, the blackhat can just keep it quiet while he perfects his exploit to do maximum damage. Having perfected the attack, he may then hold it in reserve until a time of his choosing.

With open source, the blackhat does not have that luxury. He knows that if he found it in the source, someone else will find the same thing at any time and close it up. His arsenal of exploits is subject to expiration at any time.

It is worth noting that in the open source world, a recent flaw in OpenSSH was NOT handled in the usual open manner. The result was that a number of sites BECAME vulnerable as a result of their attempts to update and close a vulnerability that it turns out they never had. The incident underlines the importance of openness and at the same time warns that open source is not in itself an assurance that the right things will happen.


The future isn't what it used to be
I +1 FP your comment. (5.00 / 4) (#45)
by sllort on Tue Mar 18, 2003 at 04:28:58 PM EST

There is a lot of bullshit floating around about why open source security review is "always" better than closed. Your comment carefully sticks to the facts, which is rare. I like to sum it up thusly: At least Open Source gives you a fighting chance.

How hard you fight, of course, is up to you.
--
Warning: On Lawn is a documented liar.
[ Parent ]

your stupid (1.00 / 3) (#53)
by rasmoh on Tue Mar 18, 2003 at 11:01:40 PM EST

you cant +! FP a comment because you can only +1 FP a story get it right

'Twas the pride of the peaches.
[ Parent ]
The "many eyeballs" theory (4.83 / 6) (#47)
by swr on Tue Mar 18, 2003 at 07:59:42 PM EST

I'm as big a fan of open source software as anyone (my own machine runs Linux exclusively), but I'm a bit skeptical of the "many eyeballs" theory that open source software is inherently more secure.

There are many other alternative reasons aside from "many eyeballs" why the Linux versus Windows, Apache versus IIS, etc. comparisons show the open source stuff being more secure...

  • Code maturity. Most commercial software suffers from feature-bloat. New features are what sell new versions of the software. New features can contain new bugs. Some of those new bugs may be security holes. Most open source software, on the other hand, tends to do one thing and then focus on refinement rather than new features. This results in a very mature codebase.
  • Deadlines, and lack thereof. Most commercial software is written to a deadline. Most open source software is not. How many bugs (some of which turn out to be security holes) are the result of overworked programmers and hastily-written code?
  • Pride versus pay. In the case of open source software, the authors know that their code will be open and on display to their peers. I think that encourages more attention to detail, and a desire to DTRT, rather than implementing quick-and-dirty hacks. Compare to commercial software, where the programmers are working for a paycheck.
  • Experienced programmers. Most of the high-profile open source projects are run by programmers with many years of experience. Most commercial software is developed by a mixed bag.

What gets me is how insecure some open source software is. For example, most of the stuff from Washington University - wuftpd, wu-imapd, pine. And there are lots of little open source projects that are probably chock-full of exploitable bugs. And then there are closed source software packages that have a good security history (I can't think of any off the top of my head, but I assume that's just because I'm an open source guy; I'm sure they are out there). I would bet that the bad open source and good closed source projects are that way because they break the generalizations I've outlined above.

But don't get me started on the "Microsoft software isn't less secure, it's just targeted more because it's #1!" MS-zealotry that ignores Apache, Sendmail (yes I know about sendmail's history but recent years have been good), and all other instances where MS is not #1 (or was not #1 in the past; remember the virus-free days before Outlook?).



[ Parent ]
Minor correction (5.00 / 1) (#49)
by ghackmann on Tue Mar 18, 2003 at 09:01:45 PM EST

pine is from University of Washington (washington.edu), not Washington University in St. Louis (wustl.edu). Also, not everything they put out is riddled with security holes -- I'm told ACE is used in quite a few mission-critical applications.

I will agree with you about wu-ftpd being an atrocity, though. (Can't comment on wu-imapd since I don't know anything about it.) My guess is that it was implemented in sort of an ad-hoc manner to get the famed wuarchive up and running fast, whereas something like ACE was done in a research environment.

[ Parent ]

not inherently (5.00 / 1) (#52)
by pyro9 on Tue Mar 18, 2003 at 10:27:51 PM EST

I agree with your points. I do somewhat subscribe to the many eyeballs theory, but perhaps not in the extremity of the statement.

I would not go so far as to say 'inherently', just potentially. Your example of wu-ftpd is a good example of where that hasn't happened.

None of those factors alone does it, but combined, they do give open source a better track record.

Perhaps just as important, open source removes deniability. It also opens up the possibility for Debian's policy of backporting security fixes without taking on the risk presented by new features. MS is famous for massive service packs that close a few holes, add some features, and turn out to add more and worse security holes as well.

As for the MS-zealotry, I couldn't agree more. The kiddiez may attack desktop machines, but servers are the really big payoffs, and MS doesn't have the lead there (except in exploits).


The future isn't what it used to be
[ Parent ]
Something missing... (5.00 / 3) (#50)
by gmuslera on Tue Mar 18, 2003 at 09:34:37 PM EST

In the current schema of whitehat-announces-vendor, there is time involved. Microsoft is widely known to sometimes take months before a fix is published (I think the bug that caused codered was announced to Microsoft 6 months or more before Microsoft acknowledged that there was a problem there, after ISS published what the problem was after being ignored by them).

If this flaw was noted months ago, and Microsoft took its own time to first acknowledge that it was there, and then to try to figure out how to fix it, well, the problem could have spread informally until it got into some blackhat's hands, and then someone produced an exploit (even Microsoft was aware of it since last Wednesday), and it became so widespread that it finally fell into the hands of someone dumb enough to attack the US Military.

There are two problems here: the time that Microsoft takes to fix anything, so if a flaw is announced ahead of time a big percentage will be vulnerable without fixes for a long time (and for this Microsoft made the announcement of software vulnerabilities almost illegal), and that, as administrators don't have a clue that this exists and that something dangerous could happen, the flaw exists wide open because no workaround for the problem is published either.

If a week ago someone at Microsoft had suggested that there could be a problem around the WebDAV installed by default by IIS, and that it could be disabled in some way, most of the damage could have been avoided; but hiding this information until they worked out how to fix it, took the time to properly test the fix and finally announced the problem, the workaround and the fix only helped this to happen.

I would like to blame Microsoft for all of this, but in the open source field there are others that did something similar. In the sendmail flaw that was announced this month, I think that the flaw was reported to them in January, and if someone had realized it, it could have been a remote root exploit for a big percentage of internet sites. Most problems are fixed within a few hours of being discovered, but anyway this case could be a bad precedent.

What does the Army have to do with it? (4.00 / 2) (#51)
by KnightStalker on Tue Mar 18, 2003 at 09:52:46 PM EST

In your intro, you make it sound like the fact that an Army website was cracked makes this somehow different from any other website being cracked, but neither you nor the MSNBC article says what the Army's response was. Did they strongarm Microsoft to get a patch out (the article sort of almost implies this), or send the 185th Airborne parachuting into the researcher's backyard, or what? I think I must be missing something.

Nobody knows what the military's response was. (5.00 / 1) (#58)
by sllort on Wed Mar 19, 2003 at 08:24:21 AM EST

They're being very quiet about it. The military's involvement, in this case, is that they were the first to be hit with an attack on a new vulnerability. I'm sorry I don't have more information for you, but that's what's available.
--
Warning: On Lawn is a documented liar.
[ Parent ]
Life in the TS lane (none / 0) (#62)
by X-Nc on Wed Mar 19, 2003 at 09:52:38 AM EST

Heh, there's a lot that DoD is doing about this. But if I told you I'd have to shoot you.

Seriously, there's a lot that happens on the NIPRNET that isn't readily known to the general public. You wouldn't believe the kind of attacks that the Army Homepage gets on an hourly basis. Oh, and just for fun, check out what kind of system the AHP is running on.

--
Aaahhhh!!!! My K5 subscription expired. Now I can't spell anymore.
[ Parent ]

If you think it's hard writing a comment... (none / 0) (#67)
by sllort on Wed Mar 19, 2003 at 11:53:33 AM EST

...with your gag order in place, try writing a story. It sucks.
--
Warning: On Lawn is a documented liar.
[ Parent ]
Fear, Uncertainty and Doubt. (3.50 / 2) (#55)
by zipper on Tue Mar 18, 2003 at 11:09:40 PM EST

... THE 0-DAY IS COMING... NOTHING CAN STOP IT, IT JUST ATE JAPAN! *FILMED IN SUPERMARIONATION*
In short, there is no existing protection mechanism against an attack of this type. Firewalls, IDS systems, and virus scanners are unable to protect the first target of a 0-day exploit.
This isn't completely correct. Any recent IDS is quite capable of protecting against a 0-day exploit. If you want host-based protection, a heuristic IDS watches for suspicious syscalls from a daemon... or heck, you could try setting the CAPs right. If you want network-based protection, you could try an IDS like snort with rules matching NOP and similar 'dead' opcodes like AAA... I'm not sure what heuristic NIDS are like.

Naturally virus scanners are useless because a 0-day exploit is NOT A VIRUS, and unless it's something like an email worm, it's not something they should be expected to block. As an aside, I don't consider a worm a virus anyway, a virus needs help to replicate (you opening/running something), a worm does it on its own.

The utility of firewalls is completely dependent on the service... In some cases, it won't help... I can't very well firewall off my mailserver... but in others, it would have made the difference. To use your example of MSSQL, what the hell was your SQL server doing open to the internet anyway?

While on the subject of MSSQL, some admin with years of experience is going to reply to this and mention that, gosh darnit, that patch was hard to apply. That's a cheap cop out. Individually, sure, you wanted to protect your ass, and you didn't want to risk installing something that might break... and individually, that would be the correct thing to do... except there are tens of thousands of Microsoft admins worldwide, I know SOMEONE out there figured out how to apply the patch properly.

---
This account has been neutered by rusty and can no longer rate or post comments. Way to go fearless leader!
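
A minimal form of the network-side heuristic described in the comment above, flagging long runs of NOP-like opcode bytes instead of matching a known signature. This is an added example, not code from the commenter or from Snort; the 32-byte threshold, the function names and the sample payloads are constructed assumptions.

```python
# x86 single-byte opcodes named in the comment: NOP (0x90) and AAA (0x37).
# 0x37 is also ASCII '7', which is why a length threshold is needed.
NOP_LIKE = frozenset({0x90, 0x37})


def longest_sled(payload, opcodes=NOP_LIKE):
    """Return (offset, length) of the longest run of NOP-like bytes.

    Returns (-1, 0) when the payload contains none of the opcodes.
    """
    best_off, best_len = -1, 0
    run_off, run_len = 0, 0
    for index, byte in enumerate(payload):
        if byte in opcodes:
            if run_len == 0:
                run_off = index
            run_len += 1
            if run_len > best_len:
                best_off, best_len = run_off, run_len
        else:
            run_len = 0
    return best_off, best_len


def inspect(payload, threshold=32):
    """Flag a payload whose longest NOP-like run reaches the threshold.

    The threshold trades false positives (binary uploads, long digit
    strings) against missed short sleds; 32 is an assumed starting value.
    """
    offset, length = longest_sled(payload)
    return {"alert": length >= threshold, "offset": offset, "length": length}


# Constructed payloads for the demonstration, not captured traffic.
BENIGN = b"GET /index.html?id=7777 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
PADDED = b"GET /" + b"\x90" * 64 + b"7" * 16 + b"\xcc" * 8 + b" HTTP/1.0\r\n\r\n"


if __name__ == "__main__":
    for name, payload in (("benign", BENIGN), ("padded", PADDED)):
        print(name, inspect(payload))
```

A run-length heuristic like this only sees literal padding bytes; payloads that are encoded in transit or padded with varied instructions will not trip it.
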
The SQL Patch (none / 0) (#56)
by 0xA on Wed Mar 19, 2003 at 02:46:36 AM EST

I hate it when people call that patch hard to apply. All you had to do was copy some files and run some scripts. If that is beyond someone's abilities then maybe they should think about a new line of work.

You can't fault somebody for being nervous about MS patches in case they break something though, especially SQL. Happens all the damn time.

[ Parent ]

Productive Databases & Patching (5.00 / 1) (#73)
by CaptainZapp on Thu Mar 20, 2003 at 05:47:04 AM EST

I'm a long term database - admin and architect, primarily working with Sybase, which is rather comparable to MS SQLServer.

I worked on extremely critical financial systems as well within very complex, distributed and replicated environments.

And I can guarantee you, that I would never ever just apply a patch to a database server in such production systems, just because the vendor says so.

Ease of installation is one thing. But that's not the issue here. The issue is, that you have to test it very, very carefully before rolling it into production. On critical systems this can easily take months.

I further think, that it's negligence on an almost criminal level to have services (like a database engine or a web server) running without John Q User even knowing what the hell is going on and Microsoft sure as hell deserves all the bad credit going in its direction for pulling stunts like that.

So just arguing that "we had the patch ready" is a rather cheap cop out from the boys in Redmond. Regardless how easy it is to apply it.

[ Parent ]

I realize that... (none / 0) (#75)
by zipper on Thu Mar 20, 2003 at 01:08:15 PM EST

But the sql patch was out for more than.. what was it, 8 months before the worm hit? Careful testing aside, the patch *still* should have been applied... and on top of that, whatever happened to sensible firewalls? I can't speak to your specific situations, but most people don't need, and definitely shouldn't have their DBs exposed to the world.

Also, let's not forget that a lot of other vendors shipped products with vulnerable database engines involved, things that most people wouldn't expect. There's plenty of blame to go around here.

---
This account has been neutered by rusty and can no longer rate or post comments. Way to go fearless leader!
[ Parent ]
The Build System (3.00 / 1) (#61)
by pnadeau on Wed Mar 19, 2003 at 09:18:35 AM EST

An often overlooked advantage that open source has is that it usually has a very simple to use build procedure.

I often download versions of KDE and just let the machine build it overnight. Think about it! autoconf and friends don't get the attention they should.

I worked on OS/2 once and the build system for that was so incredibly byzantine that a new programmer attempting to do a build of PM (the desktop for OS/2) would have taken weeks of study and coaching from programmers more experienced with the procedure.

This is typical. Apparently the build procedure for MS Office is documented in several 4 inch binders.

Now even if the 'many eyeballs' don't catch the bug that turns out to be a security hole, at least when it is found we can fix it and recompile easily without having to start the lurching Rube Goldbergesque process that passes for a build procedure in industry.


"Can't buy what I want because it's free, can't be what they want because I'm..."  Eddie Vedder


An interesting thought... (none / 0) (#70)
by tang gnat on Wed Mar 19, 2003 at 12:58:15 PM EST

What if a code-red-like worm were made, that was designed to collect a large group of infected computers, and then DDOS random sites? Or maybe just DDOS a few preselected domains - over and over.

I think... (none / 0) (#72)
by JahToasted on Wed Mar 19, 2003 at 03:11:45 PM EST

Code Red was supposed to DDOS whitehouse.gov's IP address. Fortunately/Unfortunately it was set to attack the IP without checking DNS. So the whitehouse changed their IP and updated the DNS so it wasn't DDOSed.

[ Parent ]