From: R. DuFresne (dufresne@sysinfo.com)
Date: Thu Jun 24 2004 - 20:09:53 EDT
On Thu, 24 Jun 2004, Jerry Shenk wrote:
> He SPECIFICALLY excluded DDOS. Of course, if you sit in on the network
> with a battery of laptops and find a few amplifiers internally, you can
> do a DDOS...that's why he excluded it. In fact, it was the VERY NEXT
> sentence after the first sentence you snipped out. How about some more
> basic DOS attempts. Doing that type of thing internally doesn't seem
> very practical to me.
>
> Now, about doing a DOS in a penetration test or vulnerability
> assessment...sure, it makes sense.
>
>
Cool, now define for me specifically how a resource exhaustion or
'packeting' a network or system is different then a 'DOS'. We know few if
any inetd's can withstand much pounding, it;s been an issue since before
the 1990's, a resource exhaustion or perhaps a form of 'buffer overflow'.
but, what exactly is a DOS without heavy packeting <bandwidth exhaustion>
or exhausting system resources? We all deal with limits, I'm seriouslyy
interested in the differences in the definitions here.
Thanks,
Ron DuFresne
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:57 EDT