From ssi@UPT.ORG  Sat Sep 14 07:18:22 1996
Received: from us1.us.world.net (us1.us.world.net [192.243.32.153]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id HAA29368 for <best-of-security@suburbia.net>; Sat, 14 Sep 1996 07:18:06 +1000
Received: from upt.org (ssi@upt.org [205.164.210.38]) by us1.us.world.net (8.7.5/8.7.3) with SMTP id OAA14522 for <best-of-security@suburbia.net>; Fri, 13 Sep 1996 14:18:30 -0700 (PDT)
Received: (from ssi@localhost) by upt.org (8.6.12/8.6.12) id OAA27574 for best-of-security@suburbia.net; Fri, 13 Sep 1996 14:03:52 -0700
Date: Fri, 13 Sep 1996 14:03:52 -0700
From: SSI <ssi@UPT.ORG>
Message-Id: <199609132103.OAA27574@upt.org>
To: best-of-security@suburbia.net
Subject: RealSecure


[cklaus@iss.net said .......]


>[Below we have a software tool that will recognize SYN floods and correct
>the problem.]

>Possible solution to SYN Flooding attacks


>The attack is on!  Both 2600 and Phrack, 2 of the biggest well-known
>underground hacking magazines, have posted exploit code to do one of the
>nastiest denial of service attacks that the Internet has seen so far. 
>Hundreds of people have access to these programs to bring down services on
>the Internet.  

Mr. Klaus,

	It's curious that your timing with your release of RealSecure(tm)
is markedly close to the release of Phrack Magazine issue 48 -- the very same
issue which released the tools you are mentioning. However, there is
something you are not mentioning which I think the public should know. 

One of the Editors and contributors to Phrack Magazine is also a software 
engineer for ISS. In fact, David Meltzer (who goes by the handle of ReDragon) 
is an active organizer of hacker conventions and social functions. Over here, 
in the dim light of the 'underground' it seems very much like you are 
facilitating hackers with tools to commit SYN floods and then turning around 
and selling a product to combat the problem. How slippery is that snake oil, 
Mr. Klaus?
	
	Perhaps I am not driving this point home succinctly enough. If
so, let me lay this out in a very clear format for public consumption:

I feel it is highly suspicious that you should release a tool for RST'ing SYN
flooding attacks, at roughly the same time a hacker magazine (which one of
your employees edits) releases code for the above mentioned attacks.

>Many of these people are targeting their attacks at various
>organizations such as ISPs.  Panix, an ISP, has been under attack for quite
>a few days now and they have not been able to receive email. Many other
>ISPs are suffering from the SYN flood attack.  This attack is being
>discussed on many mailing lists, newsgroups, and Thursday's Wall Street
>Journal (9/12/96).  Fortunately a solution already exists as we discuss
>below.

	This is unfortunately true, and they most likely have you to thank,
Mr. Klaus. Were they your first customers as well? I am sure their gratitude
is immense. I wonder if their benevolent view of you will hold, after they
read this post.

[ Remedial TCP/IP schooling deleted ]


>RealSecure (tm) is a comprehensive attack recognition and real time response
>tool that ISS is alpha testing and will expire in 60 days.




-ssi



