Comments on Errata Security: State sponsored attack: a howto guide

sarah lee, 2013-01-12T09:25:22.448-05:00

Only Cyber crime is not more enough for that heinous work, it was really blamable.

krypt3ia (http://krypt3ia.wordpress.com), 2013-01-10T12:56:55.051-05:00

It's great that we can agree so readily and be the people who really should technically as professionals. Still though, these stories get onto the likes of NPR and elsewhere with morons making these ridiculous assertions and the talking heads and general public sit there heads bobbing.

Dave Dittrich, 2013-01-10T02:27:54.953-05:00

I completely agree with Robert's assessment that this attack method is not as sophisticated as the story makes it seem. It does not come close to requiring "nation state" level support, and is not even the first time that compromised servers have been used for DDoS attacks.
I know of what I speak, as I was the first person to produce technical analyses of DDoS tools in 1999. A very similar method to that described above was used to compromise Windows servers in 2001 in order to similarly install a script that could be remotely controlled to generate DDoS traffic from those computers (see http://staff.washington.edu/dittrich/misc/power.analysis.txt for one example.) Those who claim this is so sophisticated either do not know what they are talking about, or have their own agenda.

And if Tom Gjelten's story on NPR was correct about some bank paying a consulting company to look into acquiring "cyberweapons" to fight back, they are insanely stupid. The technical details above prove that the likely result would be harm to innocent third parties whose systems were turned into "unwitting agents" of DDoS attacks, controlled from far away, likely by proxies. This discussion of "going on the offense" is really getting out of hand, with people who have no technical expertise at all trying to justify taking extreme short-cut risky actions. (For more on misguided thoughts of attacking back, see my Honeynet blog post: http://www.honeynet.org/node/1004.)

Anonymous, 2013-01-09T20:02:54.187-05:00

The attacks aren't sophisticated, nor are the attackers skilled.

The attacks have succeeded to the extent that they have so far due solely to the ineptitude and unpreparedness of the defenders.

When the defenders exhibit competence in mitigating these attacks, they're entirely ineffective.
The attackers have very little clue about how to effectively DDoS their targets.

JPGoldberg, 2013-01-09T19:06:51.731-05:00

I heard the same "this is too sophisticated to be anything other than state sponsored" on NPR a couple of hours ago. I didn't catch the source for that nonsense (I was driving), but it is obviously utter nonsense.

I'd be surprised (and a bit disappointed) if this really was an IRI sponsored attack. I'd expect better from people who can bring down a drone.

Cheers,

-j

decius, 2013-01-09T18:17:33.938-05:00

FWIW I completely agree. These attacks started at the same time as protests over the film, the resources of a nation state are not necessary to launch this sort of attack, and the idea that a nation state would want to project power in the world by temporarily inconveniencing users of online banking services is very hard to believe.

I have disagreed with your view on another DDOS incident that some people have attributed to state actors, but in that case there are a variety of specific reasons for that attribution (whether or not you think those reasons are compelling). In this case I see absolutely no reason to attribute this incident to a nation state. The argument that only a nation state could have launched such an attack is completely bunk and no other reasons have been offered.