[lug] [rmiug-discuss] Sandia labs red team. (fwd)

Pete Krawczyk petek at bsod.net
Mon Aug 7 16:36:33 MDT 2000

Date: Mon, 7 Aug 2000 15:21:44 -0600 (MDT)
From: Wayde Allen <wallen at boulder.nist.gov>
Subject: [lug] [rmiug-discuss] Sandia labs red team. (fwd)

}I thought the following was kind of interesting.
}---------- Forwarded message ----------
}Subject: [rmiug-discuss] Sandia labs red team.
}No one is safe from this professional cracker team.   :-)
}The original news release can be found at
}  http://www.sandia.gov/media/NewsRel/NR2000/redteam.htm

Well, to be honest, that's not really fair.

They broke in or 'staged mock attacks' on 35 systems.  Which means that if
you read between the lines, the systems they couldn't attack they just hit
with a pretend Denial of Service attack and declared victory.  To be able
to stop a DoS takes a lot more than just what can be automated, especially
if it's a Distributed DoS attack.  (Although it's possible, the processing
power needed to do it right is overwhelming.)

To put it another way, at DefCon 1 year ago, there was a contest called
'Capture the Flag' (there was another one, but I didn't go this year)
which had people secure down specific servers (I think there were over 20)
and people tried to break in.  Of all those servers, over a 72 hour
period, with many of the best hackers and crackers around, only twice was
a server compromised.  So if anything, this team points out weaknesses in
the security policy of whoever they're trying to attack.

So basically, I can say that I could stage a mock attack on every router
on the Internet, creating the largest DoS, and voila, I've just
compromised 100% of those systems according to their definition.

I'm not trying to say that they're not doing valuable work.  Far from it.
Many companies are running out-of-the-box unpatched OS's on their servers,
without doing much to patch or secure these systems, making them easy
targets.  But this claim makes them sound like the ultimate crackers, and
I don't see it that way.

-Pete K
Pete Krawczyk
  petek at bsod dot net or pkrawczy at uiuc dot edu
  Finger pkrawczy at uiuc dot edu for PGP public key

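Pete's point above, that stopping a single flooding source is automatable but a Distributed DoS is not, can be shown with a small experiment. The following is an added example, not part of the original post or of Sandia's work: a per-source sliding-window rate limiter (the usual automated DoS defence) is run over two constructed request streams, one attacker at 500 req/s and 500 attackers at 1 req/s each. The source addresses, host names, the 20-per-second limit and the assumed server capacity of 200 req/s are all made-up figures.

```python
"""Per-source rate limiting: single-source flood vs. distributed flood.

Added example (not from the original post). Timestamps are integer
milliseconds so the window arithmetic is exact. All traffic is constructed.
"""
from collections import defaultdict, deque


class PerSourceLimiter:
    """Allow at most `limit` requests per `window_ms` from each source.

    Keeps a sliding window of recent timestamps per source; a request that
    would exceed the limit inside the window is dropped.
    """

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self._hits = defaultdict(deque)

    def allow(self, src, now_ms):
        q = self._hits[src]
        # Age out timestamps that have left the window.
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now_ms)
        return True


def single_source_flood(rate, seconds):
    """Constructed stream: one attacker (assumed IP) at `rate` req/s."""
    return [("10.0.0.1", i * 1000 // rate) for i in range(rate * seconds)]


def distributed_flood(hosts, rate, seconds):
    """Constructed stream: `hosts` sources at `rate` req/s each, interleaved."""
    stream = []
    for s in range(seconds):
        for r in range(rate):
            t = s * 1000 + r * 1000 // rate
            for h in range(hosts):
                stream.append((f"bot-{h}", t))  # hypothetical host names
    return stream


def run(limiter, stream, capacity):
    """Feed `stream` through `limiter`; return (accepted, dropped, overloaded).

    `capacity` is the assumed number of requests per second the server can
    actually serve. If more accepted requests land in any one-second bin
    than that, the server is overloaded even though the limiter "worked".
    """
    accepted = dropped = 0
    per_second = defaultdict(int)
    for src, t in stream:
        if limiter.allow(src, t):
            accepted += 1
            per_second[t // 1000] += 1
        else:
            dropped += 1
    overloaded = any(n > capacity for n in per_second.values())
    return accepted, dropped, overloaded


def compare(limit=20, window_ms=1000, capacity=200):
    """Run both floods for two seconds against a fresh limiter each."""
    single = run(PerSourceLimiter(limit, window_ms),
                 single_source_flood(500, 2), capacity)
    distributed = run(PerSourceLimiter(limit, window_ms),
                      distributed_flood(500, 1, 2), capacity)
    return {"single": single, "distributed": distributed}


if __name__ == "__main__":
    for name, (acc, drop, over) in compare().items():
        print(f"{name:12s} accepted={acc:5d} dropped={drop:5d} "
              f"overloaded={over}")
```

The single-source flood is cut to 20 requests per second and the server stays within capacity; the distributed flood never trips the per-source limit because every bot is individually well-behaved, and the server takes 500 accepted requests in a second. Defending against the second case needs aggregate and upstream measures that a per-host rule cannot provide.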