net said .......]
>[Below we have a software tool that will recognize SYN floods and correct
>Possible solution to SYN Flooding attacks
>The attack is on! Both 2600 and Phrack, 2 of the biggest well-known
>underground hacking magazines, have posted exploit code to do one of the
>nastiest denial of service attacks that the Internet has seen so far.
>Hundreds of people have access to these programs to bring down services on
It's curious that your timing with your release of RealSecure(tm)
is markedly close to the release of Phrack Magazine issue 48 -- the very same
issue which released the tools you are mentioning. However, there is
something you are not mentioning which I think the public should know.
One of the Editors and contributors to Phrack Magazine is also a software
engineer for ISS. In fact David Meltzer (who goes by the handle of ReDragon)
is an active organizer of hacker conventions and social functions. Over here,
in the dim light of the 'underground' it seems very much like you are
facilitating hackers with tools to commit SYN floods and then turning around
selling a product to combat the problem. How slippery is that snake oil
Perhaps I am not driving this point home succinctly enough. If
so, let me lay this out in a very clear format for public consumption:
I feel it is highly suspicious that you should release tool for RST'ing SYN
flooding attacks, at roughly the same time a hacker magazine (which one of
your employees edits) releases code for the above mentioned attacks.
>Many of these people are targeting their attacks at various
>organizations such as ISP. Panix, an ISP, has been under attack for quite
>a few days now and they have not been able to receive email. Many other
>ISPs are suffering from the SYN flood attack. This attack is being
>discussed on many mailing lists, newsgroups, and Thursday's Wall Street
>Journal (9/12/96). Fortunately a solution already exists as we discuss
This is unfortunately true, and they most likely have you to thank
Mr. Klaus. Were they your first customers as well? I am sure their gratitude
is immense. I wonder if their benevolent view of you will hold, after they
read this post.
[ Remedial TCP/IP schooling deleted ]
>RealSecure (tm) is a comprehensive attack recognition and real time response
>tool that ISS is alpha testing and will expire in 60 days.
From: Lord Soth <soth @