I think this will be an interesting tool. Perhaps by determining which attacks are more frequent in certain regions, people can determine which networks might be missing certain patches? Or parts of the world?
They were dumb for hating me because I knew more about the newest technology. Why would people hate you for knowing something they dont? I was willing to learn from them and show them what I new. They wouldnt hear of it. Nope, SMTP was not thrown in. There was 1 admin there who knew how sendmail worked. The entire network was TCP/IP. I dont know many UNIX networks that speak IPX. Sorry dont know what ecn is guess I am going stale myself. =)
Actually I am well respected at work. Because I demonstrated my skills early on people realized I knew my stuff. I think in most places if you keep your cool and act mature, do your work well repect will come your way. If not just get another job, you will probably get a better salary anyway.
I am 25 years old also, with 3 years of comp sci college and about 7 years of unix experience. close to 5 years of unix security. I am pulling down 80k a year as a sr unix admin. I am finding that companies are looking for people with real experience and some college background. I have turned down an IT management positon at 90k a year simply because I felt I didnt have enough life experience to be managing people 10-15 years old that I. Plus I like the tech stuff =) I have been treated like crap before, mostly because people were intimidated by what I knew. These people had been working with UNIX for 10-15 years but knew nothing about computer security, Apache, HTML, SMTP, TCP/IP, Perl,C etc.. They were dumb. The smart ones recognized my youth and understanding of newer technologies and wanted to learn from me. I learned from them more refined Solaris skills and they learned from me how to secure a server, setup a web server and start writing in HTML. I think it depends on what type of people you work with.
We actually tested this here with a default install and a basic firewall setup. What we thought a user who just wanted to be a user and not anything more would do. It worked quite well, the host had all ports filtered. incomming UDP/TCP. ICMP still worked.
If he knew the details of such an attack, he would also know the severity. How does a "not very technical" person outline a DDoS attack. You have to have a decent understanding of TCP/IP.
And the behavior of ICMP protocols. I cant imagine someone who has been using the internet for a few years to surf and email understanding what mixter wrote in his papers. What normal users do you know of bought a book on TCP/IP and even know what ICMP stands for? No one I know.
Re:I want to smack the guy who wrote this article
on
Microsoft's DNS Down
·
· Score: 1
Some of us dont depend on it at all. Like UNIX Administrators, but I would be upset too if sunsolve was down and I wanted to grab the latest patch cluster.
My wife and I started limiting electricty consumption even more so with the crisis. I would turn stuff off all the time but now what ever isnt being used gets shut off. We lowered the refridgerator setting and freezer setting by 1. Used to be 7 now 6. Heat is at 64 degrees, for when it dips at night. Now if california houses had the same R rating as houses on the east coast I think they would be more heat/ac efficent. As soon as the heat goes off, it gets cold. It disapates quickly because the insulation is probably R6 here. It is R12 I think on the east coast. (12" of insulation.)
Anyway our electric bill was 43.00 this month down from 53 last month.
My wife and I live in San Diego. During the day the only thing running is the computer and the fridge. We have been trying to keep our power consumption low. It will stink if we loose power, cause my server will go down. (its a 586.)
Where I work we are shutting down all the desktops now. During the day we are only using half the overhead lights to cut power.
The problem is the attacking IP addresses are probably spoofed. The only way to get to the target host is to trace the packets back though each router until your 1 hop away from the attacking host.
Just because you never detected a breakin does not mean you have'nt been broken into. So you know every service open on your large network? Lets say 3000 machines? So your saying you have hand setup, configured and installed each and every machine on that network? There is no possible way that anyone could have enabled a service you dont know about? Every single machine has been patched and audited for security holes? For every version, architechture out there?
What I think should be done is the advisory should contain all of the details. There should be a link back to the posters site where they will be updating the advisory. They should also let vuldb@securityfocus know as well.
Does anyone remember the disc guns you could/can get? that shot those floresent discs? I wanted to build a cannon one of those that fired AOL disks. It should be pretty easy, the firing mechanism would be a big spring, the barrel could just be a wooden box/trough [__]. The hardest part would be getting the large spring and not killing your self with it.
Remember this is just a kid. I am quite impressed with his knowledge of Security and UNIX.
He is 14 and he knows more than some of the Certified people I have worked with.
Has anyone heard anything about a break through in AI recently? I havent. So what is supposed to make us think that these people have actually achieved it? And why would you market it as a novelty item? Like.. "Wow I just created the first self-aware computer, I know lets put it in a big plastic case and let the average joe taunt it and poke it with sharp sticks.." Sure...this article is a load. It is just a marketing ploy for a athalon box with some lame software installed.
Our entire comapany uses exchange, and it sucks. About 300 + people I guess. It is SLOW and we are running it on Dual pentium Dell servers. 500mhz each? 1 gig of ram. It takes sometime from 30 seconds to 2 minutes for me to get my mail in the morning. Plus the fact there are no MAPI clients for our linux desktops. The interface annoys me personally it has to many bells an whistles that no one would ever use. (who needs an email time line?) that makes the software a pig.
They really should attach a rocket to that thing and just send it off into space. A 140 tons crashing through the atmospehere..that should be pretty. Full of fungus and radioactive material.
Maybe they could blow it up instead? About 50lbs of C4 would help.
I place the blame on the administrators. IIS can be made secure if the proper steps are taken. Apache.org was defaced because of a misconfiguration. People just need to be more carefull and take steps to secure and maintain security on there site.
Slashdot Mirror
I think this will be an interesting tool. Perhaps by determining which attacks are more frequent in certain regions, people can determine which networks might be missing certain patches? Or parts of the world?
Does his site still exist? Does anyone have a link? or a google cache?
Got it, pops.
;)
They were dumb for hating me because I knew more about the newest technology. Why would people hate you for knowing something they dont? I was willing to learn from them and show them what I new. They wouldnt hear of it. Nope, SMTP was not thrown in. There was 1 admin there who knew how sendmail worked. The entire network was TCP/IP. I dont know many UNIX networks that speak IPX. Sorry dont know what ecn is guess I am going stale myself. =)
Actually I am well respected at work. Because I demonstrated my skills early on people realized I knew my stuff. I think in most places if you keep your cool and act mature, do your work well repect will come your way. If not just get another job, you will probably get a better salary anyway.
I am 25 years old also, with 3 years of comp sci college and about 7 years of unix experience. close to 5 years of unix security. I am pulling down 80k a year as a sr unix admin. I am finding that companies are looking for people with real experience and some college background. I have turned down an IT management positon at 90k a year simply because I felt I didnt have enough life experience to be managing people 10-15 years old that I. Plus I like the tech stuff =) I have been treated like crap before, mostly because people were intimidated by what I knew. These people had been working with UNIX for 10-15 years but knew nothing about computer security, Apache, HTML, SMTP, TCP/IP, Perl,C etc.. They were dumb. The smart ones recognized my youth and understanding of newer technologies and wanted to learn from me. I learned from them more refined Solaris skills and they learned from me how to secure a server, setup a web server and start writing in HTML. I think it depends on what type of people you work with.
We actually tested this here with a default install and a basic firewall setup. What we thought a user who just wanted to be a user and not anything more would do. It worked quite well, the host had all ports filtered. incomming UDP/TCP. ICMP still worked.
If he knew the details of such an attack, he would also know the severity. How does a "not very technical" person outline a DDoS attack. You have to have a decent understanding of TCP/IP.
And the behavior of ICMP protocols. I cant imagine someone who has been using the internet for a few years to surf and email understanding what mixter wrote in his papers. What normal users do you know of bought a book on TCP/IP and even know what ICMP stands for? No one I know.
Some of us dont depend on it at all. Like UNIX Administrators, but I would be upset too if sunsolve was down and I wanted to grab the latest patch cluster.
I want a free Linux MAPI client, so I can DUMP this horrid outlook.
My wife and I started limiting electricty consumption even more so with the crisis. I would turn stuff off all the time but now what ever isnt being used gets shut off. We lowered the refridgerator setting and freezer setting by 1. Used to be 7 now 6. Heat is at 64 degrees, for when it dips at night. Now if california houses had the same R rating as houses on the east coast I think they would be more heat/ac efficent. As soon as the heat goes off, it gets cold. It disapates quickly because the insulation is probably R6 here. It is R12 I think on the east coast. (12" of insulation.)
Anyway our electric bill was 43.00 this month down from 53 last month.
My wife and I live in San Diego. During the day the only thing running is the computer and the fridge. We have been trying to keep our power consumption low. It will stink if we loose power, cause my server will go down. (its a 586.)
Where I work we are shutting down all the desktops now. During the day we are only using half the overhead lights to cut power.
The problem is the attacking IP addresses are probably spoofed. The only way to get to the target host is to trace the packets back though each router until your 1 hop away from the attacking host.
I log them and put them up on the web for all to see.
vapid.betteros.org
Just because you never detected a breakin does not mean you have'nt been broken into. So you know every service open on your large network? Lets say 3000 machines? So your saying you have hand setup, configured and installed each and every machine on that network? There is no possible way that anyone could have enabled a service you dont know about? Every single machine has been patched and audited for security holes? For every version, architechture out there?
I am amazed.
It does create however a single point of failure. I think the information should be posted to both places.
What I think should be done is the advisory should contain all of the details. There should be a link back to the posters site where they will be updating the advisory. They should also let vuldb@securityfocus know as well.
Does anyone remember the disc guns you could/can get? that shot those floresent discs? I wanted to build a cannon one of those that fired AOL disks. It should be pretty easy, the firing mechanism would be a big spring, the barrel could just be a wooden box/trough [__]. The hardest part would be getting the large spring and not killing your self with it.
Remember this is just a kid. I am quite impressed with his knowledge of Security and UNIX.
He is 14 and he knows more than some of the Certified people I have worked with.
Has anyone heard anything about a break through in AI recently? I havent. So what is supposed to make us think that these people have actually achieved it? And why would you market it as a novelty item? Like.. "Wow I just created the first self-aware computer, I know lets put it in a big plastic case and let the average joe taunt it and poke it with sharp sticks.." Sure...this article is a load. It is just a marketing ploy for a athalon box with some lame software installed.
Our entire comapany uses exchange, and it sucks. About 300 + people I guess. It is SLOW and we are running it on Dual pentium Dell servers. 500mhz each? 1 gig of ram. It takes sometime from 30 seconds to 2 minutes for me to get my mail in the morning. Plus the fact there are no MAPI clients for our linux desktops. The interface annoys me personally it has to many bells an whistles that no one would ever use. (who needs an email time line?) that makes the software a pig.
Your company will be sorry.
They really should attach a rocket to that thing and just send it off into space. A 140 tons crashing through the atmospehere..that should be pretty. Full of fungus and radioactive material.
Maybe they could blow it up instead? About 50lbs of C4 would help.
They did exactly this after they got skynet online in the terminator movies.. Neat huh..or maybe not?
What if the sphere were light weight? Or if they could match the weight of the sphere to the weight of the occupant?
I place the blame on the administrators. IIS can be made secure if the proper steps are taken. Apache.org was defaced because of a misconfiguration. People just need to be more carefull and take steps to secure and maintain security on there site.