
NK did not hack sony, according to security experts

:lamo

Didn't need the FBI to tell us who was responsible, sysadmins already knew.

Once again, please explain to us how a sys admin can determine the geographic location where a hack originated.

Take all the space you need.
 
Who needs the FBI or NSA then? You've got all figured out! You must be a real genius!



Genius is massive overstatement.

clownboy apparently doesn't even know the basics of TCP/IP, or he would know how easy it is to spoof the source IP address of a TCP/IP session w/the use of external proxies.
 
Don't blow nonsense. I'm a good sysadmin who knows my trade, but I'm not the best. This isn't rocket science, not at the level you're talking about.

Nothing's ever as simple as it appears without all the information. Unless you're privy to all the details of this situation YOU could be blowing nonsense for all I know.
 
:lamo

Didn't need the FBI to tell us who was responsible, sysadmins already knew. And this has nothing to do with conservative or liberal, it has to do with knowing what the hell you're talking about.

You don't know what the hell you're talking about or you wouldn't make ridiculous statements like "any decent network admin can tell you the source of the DDOS traffic hitting them."
 
Genius is massive overstatement.

clownboy apparently doesn't even know the basics of TCP/IP, or he would know how easy it is to spoof the source IP address of a TCP/IP session w/the use of external proxies.

Correct. All kinds of software out there that can bounce your IP address all over the globe.
 
Please explain to us how one can determine the source of a TCP SYN flood attack. That's what you claimed in your post.

Here's a good start in your education.

How to Trace a DDOS Attack

After writing out the botnets at the router level it's the job for the NOC (Network Operating Center) folks to shut down the zombie army controllers (like generals in the army vein). At this point it's possible to peek into the traffic controlling the generals. That's typically your source. You can't always get it down to precise location, but you can get the country/region. Packet sniffers help.
 
Here's a good start in your education.

How to Trace a DDOS Attack

After writing out the botnets at the router level it's the job for the NOC (Network Operating Center) folks to shut down the zombie army controllers (like generals in the army vein). At this point it's possible to peek into the traffic controlling the generals. That's typically your source. You can't always get it down to precise location, but you can get the country/region. Packet sniffers help.

Yeah piece of cake even against a determined adversary that is determined to prevent standard protocols from working. Sure...
 
You don't know what the hell you're talking about or you wouldn't make ridiculous statements like "any decent network admin can tell you the source of the DDOS traffic hitting them."

Interesting, I must be a genius then, as are the many other sysadmins I communicate regularly with. You know, in one hand I have what you are saying, and in the other I have what I have been doing for the last 10+ years. They are at odds. Which do I believe?

Maybe the next attack I mitigate and investigate I'll go, "gee, maybe solletica was right" and quit my job.
 
Nothing's ever as simple as it appears without all the information. Unless you're privy to all the details of this situation YOU could be blowing nonsense for all I know.

Indeed, didn't say it was simple, just intimated it's not beyond knowing if you know what the hell you're doing.
 
Here's a good start in your education.

How to Trace a DDOS Attack

After writing out the botnets at the router level it's the job for the NOC (Network Operating Center) folks to shut down the zombie army controllers (like generals in the army vein). At this point it's possible to peek into the traffic controlling the generals. That's typically your source. You can't always get it down to precise location, but you can get the country/region. Packet sniffers help.

Proxy chaining allows sophisticated attackers to hide behind so many layers that it's basically impossible to find them.
 
Proxy chaining allows sophisticated attackers to hide behind so many layers that it's basically impossible to find them.

Agreed. And as a note for those who chimed in about proxy servers, this isn't a single proxy, but a complex chain of random switching involving a great number of proxies. However, I've seen no evidence thus far that was the case here (I've been following on ARS and a couple security sites). That's a fairly deep attack. However, the big boys have predictive sniffers that can now follow the chain to the author. It's not the shield the movies and TV like to show.
 
Here's a good start in your education.

How to Trace a DDOS Attack

I read it, and nowhere in that article does it say how the sys admin of the network under attack can trace the geographic origin of a TCP SYN flood, and that's what you claimed in your post.

It only states that the ISPs of the residences where there are botnet infected PCs can determine if these attacks are originating from their members' PCs, which is already known.

After writing out the botnets at the router level it's the job for the NOC (Network Operating Center) folks to shut down the zombie army controllers (like generals in the army vein). At this point it's possible to peek into the traffic controlling the generals. That's typically your source. You can't always get it down to precise location, but you can get the country/region. Packet sniffers help.

WRONG. The ISPs who provide Internet service to the owners of the botnet-infected computers can determine the precise location of the attacks since they can examine the MAC address of the transporting ethernet packets hitting their routers, and the MAC addresses trace back to customer cable modems.

What is not possible is for a sys admin of a network under a TCP SYN flood attack to track down the ISPs where the TCP SYN packets originated--your assertion, and so. . .you're wrong.
 
I read it, and nowhere in that article does it say how the sys admin of the network under attack can trace the geographic origin of a TCP SYN flood, and that's what you claimed in your post.

It only states that the ISPs of the residences where there are botnet infected PCs can determine if these attacks are originating from their members' PCs, which is already known.

WRONG. The ISPs who provide Internet service to the owners of the botnet-infected computers can determine the precise location of the attacks since they can examine the MAC address of the transporting ethernet packets hitting their routers, and the MAC addresses trace back to customer cable modems.

What is not possible is for a sys admin of a network under a TCP SYN flood attack to track down the ISPs where the TCP SYN packets originated--your assertion, and so. . .you're wrong.

That would have to be one hell of a sysadmin, lmao.
 
I read it, and nowhere in that article does it say how the sys admin of the network under attack can trace the geographic origin of a TCP SYN flood, and that's what you claimed in your post.

It only states that the ISPs of the residences where there are botnet infected PCs can determine if these attacks are originating from their members' PCs, which is already known.



WRONG. The ISPs who provide Internet service to the owners of the botnet-infected computers can determine the precise location of the attacks since they can examine the MAC address of the transporting ethernet packets hitting their routers, and the MAC addresses trace back to customer cable modems.

What is not possible is for a sys admin of a network under a TCP SYN flood attack to track down the ISPs where the TCP SYN packets originated--your assertion, and so. . .you're wrong.

Okay, I'll inform the folks working at our NOC that they have been wrong all these years and solletica says so. Our ISPs might want to hear that news as well. Man, a lot of us are going to be out of jobs. :lamo:lamo
 
in spite of the fact that experts in computer security have repeatedly denied that NK could be culprit.

Hence, the conservative mindset: "I believe whatever the US govt. tells me--it's the Divine Truth, even if it contradicts the statements of experts."
You do realize that quite a few experts work for the FBI, don't you?
What we have here is one group of experts who have seen all the evidence saying and another group of experts who have not seen all of the evidence saying something else.
Only time will tell who is right but let's not pretend this is something other than what it is.

That is if you can keep your partisanship in check long enough.
 
You do realize that quite a few experts work for the FBI, don't you?
What we have here is one group of experts who have seen all the evidence saying and another group of experts who have not seen all of the evidence saying something else.
Only time will tell who is right but let's not pretend this is something other than what it is.

That is if you can keep your partisanship in check long enough.

Actually you have the FBI experts saying it did come from NK and a few outside experts saying maybe it did, maybe it didn't, we don't know because we don't have all the data, AND you have a whole bunch of armchair computer experts outstanding in their living rooms saying it didn't.
 
in spite of the fact that experts in computer security have repeatedly denied that NK could be culprit.

Hence, the conservative mindset: "I believe whatever the US govt. tells me--it's the Divine Truth, even if it contradicts the statements of experts."
You do realize that quite a few experts work for the FBI, don't you?

Those experts don't speak on the FBI's behalf--the director and/or the attorney general does, and those (latter) people can easily lie.

What we have here is one group of experts who have seen all the evidence saying and another group of experts who have not seen all of the evidence saying something else.

No, what we have are statements from the US govt's spokespeople vs. statements from independent computer security experts.

And those independent folks have much more credibility since they don't have a reputation of repeatedly lying like the US govt.
 
Okay, I'll inform the folks working at our NOC that they have been wrong all these years and solletica says so. Our ISPs might want to hear that news as well. Man, a lot of us are going to be out of jobs. :lamo:lamo

No they won't--the standards for basic run-of-the-mill sys admins are pretty low--most don't even know what a TCP SYN packet is :rolleyes:
 
No they won't--the standards for basic run-of-the-mill sys admins are pretty low--most don't even know what a TCP SYN packet is :rolleyes:

Yeah right, the NOCs are overflowing with basic run of the mill types who don't know what you do. I'd agree with you where it comes to ISP sysadmins though.
 
And those independent folks have much more credibility since they don't have a reputation of repeatedly lying like the US govt.

And just how do you know this? I agree that the Director and Atty gen will lie at the drop of the political hat, but how do you know the independent researchers have more credibility?
 
 
Those experts don't speak on the FBI's behalf--the director and/or the attorney general does, and those (latter) people can easily lie.

No, what we have are statements from the US govt's spokespeople vs. statements from independent computer security experts.

And those independent folks have much more credibility since they don't have a reputation of repeatedly lying like the US govt.

Those independent gurus also don't have the critical information they need to make a definitive determination. Everything I've read these outside guys are questioning the story based on the scant evidence they have, not explicitly claiming they have proof the official story is untrue. I'd imagine they're pressuring for more information to be released so that they can take a look for themselves.
 
They don't. The conservative posters here have (predictably) been going on and on about how NK must have been responsible for the hack simply because the FBI told them so,

in spite of the fact that experts in computer security have repeatedly denied that NK could be culprit.

Hence, the conservative mindset: "I believe whatever the US govt. tells me--it's the Divine Truth, even if it contradicts the statements of experts."



You must have missed what I had up then..
 
North Korea was NOT behind the Sony hack according to multiple security experts | Daily Mail Online



If it was an inside job then it definitely would've been in the best interest of the FBI to blame it on a foreign enemy. If it was an inside job, what could this mean for internal security in the United States?

I also find the Russia connection rather interesting.


When it comes to internal security in the U.S... it means nothing whatsoever. When it comes to the security that SONY implemented, it shows that Sony did not conform to industry standards for Security. There are definite signs of it being an inside job. For example, the software that did the hack showed knowledge of the data, since it hard coded paths, and passwords. Someone from outside the company would not be able to use hard coded paths/passwords without someone on the inside helping.

Next, one of the accounts that was compromised that held the key to a lot of sensitive data had the password of 'password'. That would not pass any kind of reasonable internal audit if they ever had one. If SONY had a lick of common sense, and went to industry standard security protocols to secure the data, this would not have happened. Personally, I have to conclude not only SONY is at grave fault for this for having such shoddy security to begin with, but I have to question the competency of the FBI for making that conclusion based on the available evidence.
 