On Wed, 10 Jan 1996, Doug Hughes wrote:
> 2) the spoofing attack had not become common knowledge and widespread use
> until this series of attacks was demonstrated. Papers had been around
> for years on the potential for this, but, as I recall, until this time,
> there weren't any hacker tools that were widely known about for exploiting.
I agree, but the possibility is always there. If you are in the security
business, then it pays to protect against everything possible, and not to
underestimate your "adversaries."
> Remember, (Not that this means anything but), the CERT advisory wasn't
> published until 1/23 95 and the attacks took place over Xmas of '94.
> To the best of my recollection, the sequence number randomizing (which
> is MUCH harder to implement than the router rules that prevent spoofing)
> wasn't available until January of '95 either.
> Now, CERT is usually slow about announcing such things, but, the patch
> was relatively simple to implement in a router, so, you'd think that
> not long after they heard about it, it would be posted. Even the sites
That doesn't necessarily mean anything. I've seen advisories come out
from CERT WELL after other advisories have come out on other mailing
lists, with patches and everything.
I think my point is that Shimomura should not have underestimated Mitnick
or anyone, especially since he KNEW that it was possible.
Overconfidence? I don't know. Maybe Shimomura didn't even set up the
security there and trusted it? I don't know. I just find it kinda ironic.