Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-29 Thread David Kirkby
2009/11/28 Minh Nguyen : > Hi David, > > On Sat, Nov 28, 2009 at 8:50 PM, Dr. David Kirkby > wrote: > > > >> Is the MSc project available online? I'd be interested to read it if >> possible. >> Though you might think it more appropriate to not make it public, until >> issues >> highlighted have

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-28 Thread Minh Nguyen
Hi David, On Sat, Nov 28, 2009 at 8:50 PM, Dr. David Kirkby wrote: > Is the MSc project available online? I'd be interested to read it if possible. > Though you might think it more appropriate to not make it public, until issues > highlighted have been resolved. The MSc project in question wa

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-28 Thread Pat LeSmithe
On 11/28/2009 02:19 AM, Robert Bradshaw wrote: > On Nov 28, 2009, at 1:50 AM, Dr. David Kirkby wrote: >>> Actually, someone did a Masters project on just this. >> Is the MSc project available online? I'd be interested to read it if Paper: http://www.gingerlime.com/20090901_securing_sage_noteboo

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-28 Thread Robert Bradshaw
On Nov 28, 2009, at 1:50 AM, Dr. David Kirkby wrote: > Robert Bradshaw wrote: >> On Nov 27, 2009, at 5:10 AM, Dr. David Kirkby wrote: >>> On Solaris one can block outgoing ports in a zone, without affecting >>> the rest of >>> the machine. In fact, if someone gets root access in a zone, they >>> c

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-28 Thread Dr. David Kirkby
Robert Bradshaw wrote: > On Nov 27, 2009, at 5:10 AM, Dr. David Kirkby wrote: >> On Solaris one can block outgoing ports in a zone, without affecting >> the rest of >> the machine. In fact, if someone gets root access in a zone, they >> can do no >> damage elsewhere. >> >> I know one of the BSD

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-27 Thread Robert Bradshaw
On Nov 27, 2009, at 5:10 AM, Dr. David Kirkby wrote: > kstueve wrote: >> >> On Nov 25, 12:34 pm, "Dr. David Kirkby" >> wrote: >>> It would appear to me that it would be very easy for a "script >>> kiddie" to write >>> a a program which created huge numbers of accounts on a Sage >>> server, pe

Re: [sage-devel] Re: Denial of Service attack on Sage servers

2009-11-27 Thread Dr. David Kirkby
kstueve wrote: > > On Nov 25, 12:34 pm, "Dr. David Kirkby" > wrote: >> It would appear to me that it would be very easy for a "script kiddie" to >> write >> a a program which created huge numbers of accounts on a Sage server, perform >> some CPU intensive computation on them, and bring the syste

[sage-devel] Re: Denial of Service attack on Sage servers

2009-11-27 Thread kstueve
On Nov 25, 12:34 pm, "Dr. David Kirkby" wrote: > It would appear to me that it would be very easy for a "script kiddie" to > write > a a program which created huge numbers of accounts on a Sage server, perform > some CPU intensive computation on them, and bring the system to a near > standstill