My comments are in brackets ""
------- Forwarded Message Follows -------
Date: Fri, 13 Sep 1996 14:03:52 -0700
From: SSI <ssi @
To: best-of-security @
Subject: BoS: RealSecure
net said .......]
>[Below we have a software tool that will recognize SYN floods and
>correct the problem.]
>Possible solution to SYN Flooding attacks
>The attack is on! Both 2600 and Phrack, 2 of the biggest well-known
>underground hacking magazines, have posted exploit code to do one of
>the nastiest denial of service attacks that the Internet has seen so
>far. Hundreds of people have access to these programs to bring down
>services on the Internet.
It's curious that your timing with your release of RealSecure(tm) is
markedly close to the release of Phrack Magazine issue 48 -- the very
same issue which released the tools you are mentioning. However, there
is something you are not mentioning which I think the public should
One of the Editors and contributors to Phrack Magazine is also a
software engineer for ISS. In fact David Meltzer (who goes by the
handle of ReDragon) is an active organizer of hacker conventions and
social functions. Over here, in the dim light of the 'underground' it
seems very much like you are facilitating hackers with tools to commit
SYN floods and then turning around selling a product to combat the
problem. How slippery is that snake oil Mr. Klaus.
[Yes, you are correct.It is a conspiracy. ISS, myself, and almost all of
[these lists are involved. You see, "ssi", we ARE the ILLUMINATI!! You
[have found us out. Now your own foolishness will be your demise, for
[members of the illuminati will be visiting you to make sure that our
[secret does not get let out!! SSI, we know where you live!]
I feel it is highly suspicious that you should release tool for
RST'ing SYN flooding attacks, at roughly the same time a hacker
magazine (which one of your employees edits) releases code for the
above mentioned attacks.
[Dude, these attacks have been around for quite some time (years).
[Coincidence is coincidence. Period. Just check out 117.ps and ipext.ps
[on various security sites. These mention this. So does the Cheswick and
[Bellovin book. SYN Flooding is an integral comnponent of IP SPoofing
[(for the most part). This is nothing new. Get a grip.]
>Many of these people are targeting their attacks at various
>organizations such as ISP. Panix, an ISP, has been under attack for
>quite a few days now and they have not been able to receive email.
This is unfortunately true, and they most likely have you to thank
Mr. Klaus. Were they your first customers as well? I am sure their
gratitude is immense. I wonder if their benevolent view of you will
hold, after they read this post.
[I think that this borders on libel or slander. This is dangerous
[territory. Do you really want to go there?]
[BTW, your insult of "Remedial TCP/IP tutorial" is quite childish. If
[you were so familiar with TCP/IP Security issues then you would have
[known that this type of attack (SYN Flooding) is nothing new. You point
[out "underground" sources as far back as (GASP!) 6 months. However, you
[fail to point out the security industry sources that have been around for
[years. Is this out of ignorance or selectivity to support you point?]
[Talk about conspiracies... ISS, SSI (your username). Hmmm...]