Comega and I can't figure out why this guy mailed anyone other than me. Of course, I address this in an oh-so-polite fashion later on.
Date: Sun, 28 Jan 2001 02:58:59 -0600
From: M Reed Brooks (MReedB@hotmail.com)
To: firstname.lastname@example.org
Subject: Statements Made To ABCNews

Dear Sir,

I chose you to write to mainly because the staff page says you are the grand old man at attrition. I am writing in reference to the article on ABCNews, where Brian Martin made some statements:
http://abcnews.go.com/sections/scitech/DailyNews/microsoft010126.html

First, I am one of the global opers on the AT&T Undernet Server newbunswick.nj.us.undernet.org (irc2.att.net). I wish to emphasize I am writing on a personal basis though (I just like to brag). As you know, the undernet was hammered by sysop for over eight days, and I followed the details of the attack extremely closely. His attacks were very unique, allowing us to know exactly when it was him and not one of the several copy-cats that jumped on the bandwagon as time went by. He likes to use syn floods rather than smurfs for the main part, and he likes to be hands on on his attacks. Normally, they last around 10 minutes, and each "burst" is aimed at a single point, usually an upstream router of the hub he is trying to take out. He hits one point with these bursts for several hours, with short breaks between bursts (I think he shuts down to brag online, and assess the damage done). Then he switches to another hub, or sometimes he would hit the server of an oper directly "harassing" (glining his current host) him. Overall, though, 90%+ of his attacks were directed at the Baltimore NAP, which, at the time of his attacks, were hosting most of our services. I do not know how much you guys got told about the details of the attacks, but that is a general description.
Due to his attacks, we went from 39 to 27 active servers, and have temporarily shut down our channel services bots, while our coders and network management specialists plot (we have them locked in the closet of a whorehouse in the redlight district of Amsterdam, with orders to create the equivalent of a packet-seeking H-Bomb tipped missile, heheh).

But here is why I am writing. In every article I have read about these brute-strength, just overwhelm-em with packets, type attacks, I have read statements by the supposed "experts" where they are saying two things that irk me, as they are flat-out wrong. First is the fact that most of these attackers are geek teenage kids with no brains. Sure, a lot of them are. But the ones doing the serious hits? No way. They know exactly what they are doing, the best way to do it to ensure maximum results, and do serious planning before their attacks. Secondly, nobody seems to realize the sheer volume of bandwidth these kids now have. The Baltimore NAP was logging, AT THE ROUTER (ie we're just talking about the packets that actually got through, which is probably only a percentage of what was actually sent), of sustained FORTY MEGABITS PER SECOND! Of course, for that much bandwidth to get through, the target has to be on a huge pipe or pipes in the first place. Sysop, for example, is using two main sources of bandwidth: 1) lots of edus, 2) an unbelievable number of cable and DSL boxes. I was told, as it was happening, while the Admin was watching the logs scroll madly, that he had given up trying to go back and manually count the number of hacked @home boxes sysop was using. So he installed a unique IP counter that filtered it down to a) packets of the type being used [syn flag set], and b) only IPs in @home's IP-space. He then showed over 400 unique IPs in a 5 minute period. He also told me that he estimated that was about 1/3 of the actual cable and DSL boxes sysop was using that night!
So we are talking well over 1000 hacked boxes being used by one person alone.

I do not understand why Brian is not emphasizing this problem, and I do not understand why Brian is making out people like sysop to be so stupid that they could not glom onto the fact that MS was running all their DNS servers at one location, making it a great target to attack. I did - immediately! Especially after it had just been done; facts kind of spoke for themselves!

I urge you and your staff to tell these brainless reporters, in words they can understand, the scope of the problem being faced, and just how far out of hand it has become. Tell them that the "kiddies" causing most of the damage are very sharp individuals who have literally thousands of hacked boxes at their disposal. NOT ONCE have I ever heard a supposed expert state that these kids have thousands of hacked boxes at their disposal. Why? To me it's like saying, in the middle of a theater fire, where the fire has consumed a quarter of the building, "We cannot tell people there is a fire. It would cause panic!"

[Thirty seven lines of reply deleted...]

So tell Brian to grow some hair and tell these reporters the scope of the problem. I know it won't do a damn bit of good, but still, my respect for attrition would return to normal. For the most part, I think you guys are great :-) You just need to grow some hair, is all, and not be afraid to tell them the truth.

[Sixty seven lines of reply deleted...]

Keep up the good work guys! People like me rely on you and we believe every word you say! Scary eh?

Not MReedB (maybe)
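
The unique-IP counter the mail describes (SYN flag set, sources inside one provider's address space, five-minute period), sketched as an added example that is not part of either e-mail and is not the admin's actual tool. The log format, the WATCHED_NET prefix and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for the provider address space being counted
# (a documentation range, not any real ISP allocation).
WATCHED_NET = ipaddress.ip_network("198.51.100.0/24")
WINDOW_SECONDS = 300  # the five-minute period mentioned in the mail

# Constructed sample records: "<epoch> <src> <dst> <tcp flags>"
SAMPLE_LOG = """\
980672400 198.51.100.7 192.0.2.10 S
980672401 198.51.100.7 192.0.2.10 S
980672402 198.51.100.9 192.0.2.10 S
980672403 203.0.113.5 192.0.2.10 S
980672404 198.51.100.12 192.0.2.10 SA
980672405 198.51.100.30 192.0.2.10 A
garbage line
980672710 198.51.100.9 192.0.2.10 S
980672711 198.51.100.44 192.0.2.10 S
"""

def parse_record(line):
    """Return (timestamp, source address, flag set) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), ipaddress.ip_address(parts[1]), set(parts[3])
    except ValueError:
        return None

def unique_syn_sources(lines, network=WATCHED_NET, window=WINDOW_SECONDS):
    """Map window start -> set of in-network sources that sent bare SYNs."""
    buckets = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip lines that do not parse instead of aborting
        ts, src, flags = rec
        # a) SYN set without ACK, b) source inside the watched address space
        if flags == {"S"} and src in network:
            buckets[ts - ts % window].add(src)
    return dict(buckets)

def report(lines):
    """Return [(window_start, unique_source_count)] in time order."""
    counts = unique_syn_sources(lines)
    return [(start, len(srcs)) for start, srcs in sorted(counts.items())]

if __name__ == "__main__":
    for start, count in report(SAMPLE_LOG.splitlines()):
        print(start, count)
```

Source addresses in a SYN flood can be forged, so a count like this measures claimed sources seen at the router, not confirmed hosts.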
From: security curmudgeon (email@example.com)
To: firstname.lastname@example.org
Cc: Cancer Omega (email@example.com)
Date: Sun, 28 Jan 2001 18:09:32 -0700 (MST)
Subject: Re: Statements Made To ABCNews (fwd)

: ---------- Forwarded message ----------
: Date: Sun, 28 Jan 2001 02:58:59 -0600
: From: M Reed Brooks
: To: firstname.lastname@example.org
: Subject: Statements Made To ABCNews
:
: Dear Sir,
:
: I chose you to write to mainly because the staff page says you are the
: grand old man at attrition. I am writing in reference to the article on
: ABCNews, where Brian Martin made some statements:
: http://abcnews.go.com/sections/scitech/DailyNews/microsoft010126.html

Hi there. I'm probably going to keep this pretty brief and to the point as I don't think you have any concept of who I am, or what I have done in the past. That said, I'd first like to quote one little piece of your mail before I get started.

"So tell Brian to grow some hair and tell these reporters the scope.."

I find this terribly amusing and ironic, that you won't even mail me with your comments, and instead choose to mail someone else at attrition with them. In the future, could YOU grow some hair and address the correct person if you have a gripe?

: First, I am one of the global opers on the AT&T Undernet Server
: newbunswick.nj.us.undernet.org (irc2.att.net). I wish to emphasize I am
: writing on a personal basis though (I just like to brag). As you know, the

I've heard your name before. You may know xxxxx xxxxx, also an Undernet op. I work with him.

: But here is why I am writing. In every article I have read about these
: brute-strength, just overwhelm-em with packets, type attacks, I have read
: statements by the supposed "experts" where they are saying two things that
: irk me, as they are flat-out wrong. First is the fact that most of these
: attackers are geek teenage kids with no brains. Sure, a lot of them are.

Uh.. you seem to be missing something here. "Most of these attackers.." and then you say "a lot of them are". That is saying the same thing, slightly different words. For the most part, DoS kiddies are geek teens with no brains. Sure, there are some that are smarter, older, and know something about networking, but that is the minority.
I've read down a little, so I'll go ahead and clear something up here. Apparently you are completely unfamiliar with how news articles and reporters work. You can explain everything in excruciating detail to a reporter, write a book, call them, beat them with a bat, and in the end, you will likely get a "sound byte" quote in the article. All of attrition staff is very familiar with this. One of our battles over the past two years is helping journalists realize which quote is best to pick for the article. That while one may sound better, it is out of context or doesn't paint a good picture of what was really said. If you ever have a problem with something said in a news article like the one you are quoting, you should bring up that issue with the journalist first, as I can assure you, a LOT more was said.

: But the ones doing the serious hits? No way. They know exactly what they
: are doing, the best way to do it to ensure maximum results, and do serious

And they are in the minority.

: planning before their attacks. Secondly, nobody seems to realize the sheer
: volume of bandwidth these kids now have. The Baltimore NAP was logging, AT

Nobody? I sure do. As do most of the people quoted in these articles. Would you step back from techno geek heaven and look at reality please? In a 1000 word article that talks about DoS attacks, do you think they have enough time or space to really explain anything? Or that Joe Consumer knows what a T3 or 100 megabits really means? No. So they don't print it. Even if the expert and the journalist know what it means.

: I do not understand why Brian is not emphasizing this problem, and I do
: not understand why Brian is making out people like sysop to be so stupid
: that they could not glom onto the fact that MS was running all their DNS

I do not understand why you are so blind and unable to read the article. At what point am I talking about Sysop.. ONE PERSON. Where do you see the JOURNALIST addressing the resources of the attacker?
Please quote to me exactly where the journalist asked ME about *sysop* or *his resources* or the resources of MOST DOS kiddies or SOME DOS kiddies. When you realize that he didn't, kindly get a grip and spend your clearly abundant time whining to someone else. Guh. You mind if I mail you every time I have a problem with EFNet?

: I urge you and your staff to tell these brainless reporters, in words they
: can understand, the scope of the problem being faced, and just how far out
: of hand it has become. Tell them that the "kiddies" causing most of the

I urge you to read the Attrition pages, especially the 'errata' section. I further encourage you to read any of the other thirty articles I am quoted in and realize that I make a very concerted effort to do exactly what you are saying. Last, I encourage you to interact with journalists and learn how it works. That in many cases it is even beyond their control as editors can change things last minute.

: boxes at their disposal. NOT ONCE have I ever heard a supposed expert
: state that these kids have thousands of hacked boxes at their disposal.
: Why? To me it's like saying, in the middle of a theater fire, where the

Why? Because it hasn't been asked of us? Or if it has, it wasn't printed in the article? Or maybe read back to the feb DDOS articles and realize that it was said, or at least brought up that it COULD be such.

: So tell Brian to grow some hair and tell these reporters the scope of the
: problem. I know it won't do a damn bit of good, but still, my respect for
: attrition would return to normal. For the most part, I think you guys are
: great :-) You just need to grow some hair, is all, and not be afraid to
: tell them the truth.

Hrm. I really did ponder how to respond to this. This is what I ended up with.

Fuck you. You are such a complete moron it hurts me to type this. "i know it won't do a damn bit of good". Uh, then suggest something that WILL.
Don't presume yourself important enough to tell me how to deal with journalists only to tell me it will be a waste of time. Or waste your eighteen page rants on the journalists since the problem lies there. I can NOT believe you sent all this shit to Comega, all over one fucking quote in one article by me.

You say you don't respect attrition, yet you are an Undernet IRC op. Oh please, pot kettle black anyone? Because of one soundbyte in one article made by one staff member, your respect for attrition is somehow lowered? No wonder I hate the undernet and the asshole fascist administrators of it. You undernet irc admins breed the script kiddies you whine about. You administrate one of the most fascist IRC networks out there, and whine about others having control? How does that work.

[part of my reply snipped..]

: DO what you will with this information. I figured that since you track
: these dudes, who better to send the info to. Maybe it will help you in

Since when do we track these dudes? We track web defacement, nothing more. If you would actually READ our pages and quit making all these ass backwards assumptions, you would save yourself a lot of time.

: fact, and I am flatout stating I have zero proof of anything I say (or I
: am not going to provide any proof, at any rate). In fact, I did not even
: write this letter. 14+ people have access to this box, so it was probably
: one of them. In fact, I know it was one of them, since I did not write

What was that about ME growing some hair? Hypocrite. Can't even take responsibility for one piece of email, yet you passingly jump down my throat for one quote? Guh.

[part of my reply snipped..]

: Keep up the good work guys! People like me rely on you and we believe
: every word you say! Scary eh?

What? You just said you had a low opinion of us, remember?

Please, don't reply to this. If you mail any of us in the future, make sure you educate yourself a bit more on who we are, what we do, and what we have done in the past.
Mail like this is extremely offensive and counterproductive to everything you seek to do. Spend your time more wisely.