From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Jul 10 2007 - 11:30:56 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No, it's about resource exhaustion. Now there are various resources that
can be exhausted, the first being the width/breadth of the pipe, others
being memory, storage space, the tcp/ip stack, etc.
There have been some pretty large sites/companies that have suffered
denial of service attacks, some so sever they have been knocked out of
business. It's just the nature of the game...
Thanks,
Ron DuFresne
On Mon, 9 Jul 2007, Jay wrote:
> I often fine it interesting that folks make comments that few if any exist of any item just because they have no experience or the clients they deal with fail to effectively plan for Disaster Recovery or Business Continuity. There are thousands of Nodes that are resilent enough to resist different levels of DOS. It may be important to know if it would take several thousand or several million connections to take them offline. Its about threshhold assessment.
>
> After looking at the fine Web Design that sysinfo.com has though I guess I shouldnt be surprised by your short sightedness or your DUH.
>
> Nice spining animated .GIF from the 80's.
Yes, it's been about that long since I put any real work into the site
son.
>
> Jay
>
> ----- Original Message -----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> To: jay.tomas@infosecguru.com
> Cc: jnferguson@gmail.com,pen-test@securityfocus.com,pen-test-return-1078484493@securityfocus.com
> Sent: Fri, 6 Jul 2007 16:36:43 -0400 (EDT)
> Subject: Re: rose fragmentation attack
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 27 Jun 2007, Jay wrote:
>
> [SNIP]
>
>>
>> Its better they know they are susceptable to DoS in a penetration test vs. when their site is offline for hours/days when a botnet comes a knocking.
>>
>
>
> I don't know, I take that statement as kinda a DUH! There are few if any
> sites that are not susceptable to DoS. And there are few if any sites
> that have a real, full, replicated mirror of their network in place to do
> an exact test of their production setup.
>
>
>
>
> Thanks,
>
> Ron DuFresne
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
> -Tom Robbins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFGjqfest+vzJSwZikRAjbXAJ9eXVgl2upIkPjeKQymXOWbOPwUSACg0YhE
> CdXfur2SOGpe32rIdHpVvSw=
> =KCnF
> -----END PGP SIGNATURE-----
>
>
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFGk6Yzst+vzJSwZikRAnm+AKDVQzy+6+dnWW4CY+QD5Ix3kjsCnACgs61z
ldg1Dddil8ANLWJObNov0P4=
=TgiO
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/wf-spi
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT