Fri Feb 11 17:41:46 PST 2000
Quoting Derek Vadala (firstname.lastname@example.org):
> anyone? anyone?
What a week.
First, we have a stream of DoS attacks by hijacked hosts against famous
(but not very important) Web sites -- which the press proves completely
incapable of comprehending and reporting correctly.
Second, we have boneheads at the FBI's National Infrastructure
Protection Center trying to milk the incident for publicity, hawking a
third-party's TRINOO/TFN scanner as a cure-all but incompetently omitting
his eminently available source code and documentation
Last, we have a self-serving press release by Zach Nelson, head of yet
another Network Associates, Inc. division aimed at nervous pointy-hairs,
being quoted as a news "story" by a lazy NewsBytes reporter -- which is
then hastily withdrawn. (The original "story" is still mirrored at
What does it mean?
1. NAI has a sordid history of inventing "facts" to promote its business
-- predictably, given how much of its business is founded on bypassing
executives' underdeveloped cerebral cortexes and appealing directly to
the flight reflex in their reptilian brainstems. See:
2. Genuine facts about the hijacked hosts used for the recent attacks
are difficult to come by, but the attack mode used is obviously usable
on any hijacked system posessing a TCP/IP stack.
3. It's _possible_ that the only hijacked hosts recently used run
Solaris and Linux -- but, if so, it's coincidental. (See point #2.)
4. The Slashdot community's reaction was thus somewhat overblown --
but the underlying so-called "story" from Newsbytes was more so.
5. NAI's nostrum at http://www.mycio.com/ -- a magic Web-based cureall
-- reflects the larger global problem of people running Internet hosts
and not only not knowing what they're doing, but also not _wanting_ to
learn. The only long-term remedy to the recent sorts of DDoS attacks is
general cluefulness and caution by sysadmins and backbone providers.
NAI (characteristically) is peddling fake cures for those unwilling to
grapple with reality.
6. The Newbytes editors' corrective action was commendable, even if
their explanation was slightly inaccurate: They cited "gross
inaccuracies", but it's more to the point that the article was a sleazy
commercial advertisement _posing_ as a news story.
Und so weider.
Cheers, Linux: It is now safe to turn on your computer.
rick (at) linuxmafia.com
More information about the linux-elitists