>On Wed, 10 Jan 1996, Doug Hughes wrote:
>> 2) the spoofing attack had not become common knowledge and widespread use
>> until this series of attacks was demonstrated. Papers had been around
>> for years on the potential for this, but, as I recall, until this time,
>> there weren't any hacker tools that were widely known about for exploiting.
>I agree, but the possibility is always there. If you are in the security
>business, then it pays to protect against everything possible, and not to
>underestimate your "adversaries."
>> Remember, (Not that this means anything but), the CERT advisory wasn't
>> published until 1/23 95 and the attacks took place over Xmas of '94.
>> To the best of my recollection, the sequence number randomizing (which
>> is MUCH harder to implement than the router rules that prevent spoofing)
>> wasn't available until January of '95 either.
>> Now, CERT is usually slow about announcing such things, but, the patch
>> was relatively simple to implement in a router, so, you'd think that
>> not long after they heard about it, it would be posted. Even the sites
>That doesn't necessarily mean anything. I've seen advisories come out
>from CERT WELL after other advisories have come out on other mailing
>lists, with patches and everything.
No, it doesn't, but, on the other hand, can one defend against every 'possible'
attack that somebody has written a white paper on in the last 10 years?
In this case, the CERT, Bugtraq, CIAC, 8lgm, and all the other advisories
that normally appear were all after the event in question, in my recollection.
(In fact, some of them never even had advisories.)
>I think my point is that Shimomura should not have underestimated Mitnick
>or anyone, especially since he KNEW that it was possible.
>Overconfidence? I don't know. Maybe Shimomura didn't even set up the
>security there and trusted it? I don't know. I just find it kinda ironic.
Possibly, but people can't be omniscient either. Perhaps it was a justifiable
oversight on some several year old information that he (and everyone else
I might add) thought wouldn't become an exploit script.
I'm just saying that there's a lot of speculation going on about if he
knew that the attack was actually occurring at the time. I think it started
becoming widespread (but not publicized) about November of '94. Most of
the people on the firewall list were unaware of it at that time as well.
I honestly don't know the answer, just pointing out plausible reasons.
Knowing it's possible is different than knowing it actually works and
is being used. It's possible that a meteor will hit my house, knowing
that, I could take precautions and try to build a really expensive bubble
and radar interfaced laser system around my house.
Now, this isn't exactly a fair comparison, since, defending against this
attack is usually REALLY easy.. :)
Well, I think I've said enough on the subject. Lots of speculation on
few facts. -Over and out
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
Pro is to Con as progress is to congress