Apache | Ian Andrew Bell
https://ianbell.com
Ian Bell's opinions are his own and do not necessarily reflect the opinions of Ian Bell

the google cluster architecture
https://ianbell.com/2003/05/21/the-google-cluster-architecture/
Wed, 21 May 2003 18:01:49 +0000

Begin forwarded message:

> From: Bill Stoddard
> Date: Wed May 21, 2003 6:24:42 AM US/Pacific
> To: Fork
> Subject: the google cluster architecture
>
> picked this up from a former apache http server colleague
>
> http://www.computer.org/micro/mi2003/m2022.pdf
>
> The google architecture is a cluster of 15,000 commodity PCs. Fault
> tolerance and reliability achieved in software (highly redundant
> systems with software to detect and route around failures). Design
> tailored for best aggregate throughput, not peak server response time.
> Parallelize individual requests to manage response time. Lots of other
> interesting stuff here.
> Bill
>

A Close, Dirty War
https://ianbell.com/2003/03/24/a-close-dirty-war/
Tue, 25 Mar 2003 06:48:31 +0000

The General appears to be correct. However, he has missed one point: today’s failed Apache assault appears to reveal the cold reality that much of the coming Battle of Baghdad will occur without effective Close Air Support from tools like the A-10, the Apache, and the Harrier. 30 Apaches attempted to fight their way into Baghdad today, and every single one of them was hit by Iraqi AAA fire, including the one Apache that was shot down. They eventually retreated.

Without the ability to land tactical teams behind the lines with Blackhawks, and without the ability to see and prosecute targets from the air, the Battle of Baghdad will be a sequel to the Battle of Mogadishu on a massive scale. The US will have to settle for laying siege to Baghdad and starving out the combatants (and the citizens, which will not make for good press coverage) or for going into the city and battling for every corner, incurring heavy losses and inflicting many civilian casualties (which will not make for good press coverage).

In order to defeat the AAA shield, you will need to bomb in unpleasant ways. Presumably the AAA guns are perched atop apartment blocks, hospitals, schools, orphanages, and lots of other non-strategic targets. Again, bombing these in the density required to defeat hard-to-hit AAA guns will not make for good press coverage.

As in Kosovo, if you’re an infantryman you might be better off sitting on top of your Bradley rather than inside of it.

-Ian.

-----
http://www.timesonline.co.uk/article/0,,5944-622904,00.html
March 25, 2003

Enemy will take risks and seek a close, dirty war

Military Briefing by General Wesley Clark

IF YOU want a foretaste of the battles around Baghdad, consider what has happened in the last day or two.

US and British forces stormed around Basra and al-Nasiriyah. Coalition expectations were high. These areas were occupied by second-rate Iraqi divisions, we knew. Many expected resistance would collapse quickly. And in these Shia areas, where Sunnis like Saddam Hussein were not popular, the Americans expected to be welcomed as liberators. In fact, initial resistance was minimal.

But since then, even in the areas through which coalition forces had penetrated, Iraqi resistance has reappeared and stiffened. Saddam is not fighting conventionally. He has allowed the initial heavy forces to penetrate Iraqi positions, and then his forces are shooting at the soft logistics and rear area vehicles.

He has shored up weak units with detachments of Republican Guards and Fedayin. Iraqi forces are shooting from buildings. Some of the soldiers are hiding among the civilian population. Others are actually covering their uniforms with civilian clothing and women and children have reportedly been pressed into service as human shields.

By the time the US and British forces arrive in the areas around Baghdad, the Iraqis will have taken our measure. They will have learnt that we are trying to fight with firepower rather than with our ground troops. They will recognise their vulnerabilities to US air power, the reluctance of the US forces to engage and risk hitting women and children, the porous US and British rear areas, and the lack of dismounted US infantry strength.

As we close the ring around Baghdad, the Iraqi tactics are also predictable. The Iraqis are defending in depth for miles around Baghdad. Three Republican Guard Divisions are there, plus the Special Republican Guard. The terrain is largely flat, but criss-crossed by rivers, canals, roads, embankments, and various settlements, villages and towns. More than five million people live there. The Iraqis’ advantages are knowledge of the terrain, willingness to take losses, and their ability to blend with the population. They have all the weapons they need to fight on an almost even basis if they can close in on US forces.

They will use smoke and oil fires to obscure visibility and counter US air power. Their tanks, no match for the M1A1 or Challenger in the open, are still formidable against troops and light vehicles, especially up close. Their rocket-propelled grenades will penetrate light armoured vehicles. Their heavy machineguns are effective against helicopters and low-flying aircraft. Their small arms are accurate, and lay down a heavy volume of fire. The Iraqis will want to fight close and dirty, with Iraqi tanks darting in and out of garages and buildings; they will conduct small-scale offensive actions with dismounted soldiers supported by mortars.

The fighting will be full of the tricks we have already seen and more: ambushes, fake surrenders, soldiers dressed as women, attacks on rear areas and command posts. The Iraqis will be prepared to conduct high-risk missions of a kind we would not consider.

The coalition will use its ground forces to fix Iraqi positions, but will do its best not to close on the ground. Instead we will rely on artillery, attack helicopters, A10s and Harriers to destroy the enemy once their locations are fixed. As we always say, what we can see, we can hit, and what we can hit, we can destroy.

We will advance carefully, with daily movements of a few miles or even a few hundred yards. We will drive corridors between Iraqi positions, to isolate and encircle them, and we will insert helicopter-borne and special operations forces into the Iraqi rear areas. As we clear the areas, we will establish careful defensive positions, with interlocking visibility and fires to guard against small-scale Iraqi penetrations.

And we will eventually, inevitably, have to engage in close combat. We do “own the night” with superior night-vision technology. We are very good, courageous and disciplined. We will “grind it out” if necessary.

Also, we will have to control the civilian population in the areas we have occupied. Many will leave their homes, and we will provide food and shelter, but we will do all this with the knowledge that among the population will be Iraqi agents and soldiers.

As the fighting enters Baghdad, we will try to organise resistance inside the city among the Shia population. And we will continue the campaign to destroy Iraqi command and control. Saddam, in turn, will have to consider whether to use his chemical and biological weapons.

Given our superiority, the ultimate outcome is not in doubt. But for how long, how much it will cost, and how much damage we inflict, depends on the Iraqis’ will to fight. We must do all we can to take it away as we close in to the critical battle of Baghdad.

# General Wesley Clark was Supreme Allied Commander Europe 1997-2000, and led Nato forces during the Kosovo campaign.

The Golden Age of Hacking?
https://ianbell.com/2002/10/28/the-golden-age-of-hacking/
Mon, 28 Oct 2002 15:05:37 +0000

I would imagine the real golden age was when you needed to be more than just a script kiddie to hack into a network. Back in the day, hacking was one part social engineering, one part software engineering, and one part magic.

-Ian.

-----
http://www.pcworld.com/news/article/0,aid,106352,00.asp

Are We Living in the Golden Age of Hacking?

Recent months have seen an increase in security holes and in new tools used to exploit them, expert warns.

Gretel Johnston, IDG News Service Friday, October 25, 2002

Over the last eight months major new hacker tools have been released or revealed, ending a lull in activity among hackers that followed the September 11 terrorist attacks and the enactment of legislation that enhanced law enforcement’s ability to prosecute people who break code and wreak havoc on networks by exploiting software vulnerabilities, hacking consultant Ed Skoudis said Thursday.

LibRadiate, Paketto Keiretsu, Setiri, and The Defiler’s Toolkit are just some of the newest tools that have cropped up since March and that are keeping security specialists awake at night, according to Skoudis, who gave a threat update briefing at a SANS Institute conference. SANS is a security education and research organization in Bethesda, Maryland.

Skoudis, the vice president of ethical hacking and incident response at consultancy Predictive Systems, in New York, said the June-through-September period saw massive exposures of security vulnerabilities in OpenSSH, Internet Explorer, and Apache Web server software.

“This summer has been a huge summer for hackers. There were huge issues discovered all summer long, and things really opened up between March and now,” Skoudis said. “The Golden Age of Hacking rolls on.”

Insecure Networks

One of the latest developments involves the security of wireless LANs and the ease with which people are able to detect them. For one week in early September, amateur wireless LAN sniffers used freeware called NetStumbler to detect hundreds of insecure business and home wireless LANs in North America and Europe in an exercise called a “war drive.”

Skoudis said attackers have “flocked to this area” and are finding that many wireless LANs are set up without basic security. After they detect the wireless LAN, they can use a tool that’s been available since May called LibRadiate, an API that allows developers easily to capture, create, and transmit arbitrary packets on a wireless LAN using the IEEE 802.11b standard. The tool runs on Linux (kernel 2.4) with wireless cards that have the Intersil Prism 2 chipset, Skoudis said.

LibRadiate makes it possible for hackers, using “fairly simple C code,” to capture TCP/IP packets or inject them into a network. Among the wireless attack tools expected to become available for use with LibRadiate, according to Skoudis, are Wired Equivalent Privacy crackers, which exploit flaws in the WEP protocol, allowing a hacker to determine encryption keys even when WEP is in use; and malformed packet generators, which inject strange and noncompliant packets into a network in an attempt to crash systems that cannot handle unusual packet structures.

“With tools like LibRadiate, the computer underground is starting to develop far more sophisticated attack tools than what we have seen in the past,” Skoudis said.

TCP/IP Tricks

Another tool released, two weeks ago, is called Paketto Keiretsu, which Skoudis referred to as a suite of tools for doing TCP/IP tricks. One of its most fundamental capabilities involves rapid port scans, which it does by separating the packet sender from the receiver.

Skoudis also described Setiri, a new Trojan horse back door. The tool bypasses personal firewalls, Network Address Translation devices, proxies, and advanced firewalls by starting up an invisible browser on the victim’s PC.

Then Setiri, running on the victim’s system, uses OLE to communicate with the hidden browser. As long as the victimized PC’s browser can access the Internet, Setiri can reach across the network and get the attacker’s commands. The personal firewall, NAT, proxy, and stateful firewall do not know whether the access is caused by a user surfing the Internet or Setiri getting commands.

Setiri, developed by a small group of South African security consultants and demonstrated in August at Def Con, hasn’t been seen in the wild yet, Skoudis said. Nevertheless, he included it in his presentation because its existence has been acknowledged within the security community and writing the code is something a moderately skilled coder could do.

Skoudis said the system strips out information about the user by going through anonymizer.com, so blocking access to that site is a way of defending against Setiri. Another solution would require changes in IE that limit the actions of an invisible browser, and Skoudis said Microsoft has publicly said it will address the matter.

Hacker’s Toolkit

In the new area of “antiforensics,” hackers have had access to a tool called the Defiler’s Toolkit since July. It’s able in a number of ways to foil the Coroner’s Toolkit, a tool that has been used by computer forensic specialists for several years, Skoudis said. For example, it can destroy or hide the traces of a hack that the Coroner’s Toolkit looks for. The Defiler’s Toolkit targets Linux Ext2fs file system, but Skoudis said the concept could be extended to other platforms.

Commenting on the recent distributed denial of service attack on the Internet that happened Monday, Skoudis said major U.S. law enforcement agencies are investigating, but he didn’t know whether they had developed any theories about where the attack originated.

Alan Paller, director of the SANS Institute, said the attack is being characterized by security professionals as a Smurf attack that could have been much worse if all 13 root servers had been affected.

“Had it knocked out all of them, there’s a reasonable expectation that over a certain amount of time … the way that you use the Internet would have ceased to work,” Paller said.

There’s no easy fix for preventing DOS attacks, and the time is fast approaching when ISPs are not going to allow users on the Internet if they pose a threat to the other users by not meeting a minimum standard of security, Paller added.

“DOS attacks are not going to be solved because we get some new hardware in the system,” Paller said. “You are going to have to re-engineer the whole Internet. That’s going to take close to a decade. While we are doing that, we are going to have to start protecting ourselves from [users who] are not going to be careful.”

-----
