From owner-freebsd-security  Sat Jul 15 17:43:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4B96E37B53E
	for <freebsd-security@FreeBSD.ORG>; Sat, 15 Jul 2000 17:43:42 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id SAA20490;
	Sat, 15 Jul 2000 18:43:25 -0600 (MDT)
Message-Id: <4.3.2.7.2.20000715183431.04e2a580@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sat, 15 Jul 2000 18:43:23 -0600
To: Wes Peters <wes@softweyr.com>
From: Brett Glass <brett@lariat.org>
Subject: The Flame Blame Game
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <3970DF32.6D988E56@softweyr.com>
References: <Pine.LNX.4.21.0007150356230.24791-100000@jason.argos.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 04:01 PM 7/15/2000, Wes Peters wrote:

>Yes, it seems that the BrettGlass attack is an "amplifying reflector",
>like the multicast TCP ACK in the Stream attack.  Since we can't quench
>the source, it seems that rate-limiting the replies is the most effective
>protection.

Actually, the problem is simpler: Certain people seem to be 
engaging in what I call the "Flame Blame Game."

Here's how it works:

1) Wait for the target to post an opinion in an online
   forum.

2) Turn the topic (even if it is legitimate) into an 
   irritating flame war that wastes time and bandwidth.
   Drown out any VALID remarks, regardless of the source,
   with annoying flames.

3) Blame the flame war on the target and encourage others
   to see him or her as a troublemaker, filter his or her 
   messages,  and/or eject him or her from the list.

The target is in a tough spot. If he does NOT respond to the 
nasty messages posted by the flamer(s), then the flamers have 
effectively silenced him. If he DOES respond, he's seen as
fanning the flames. Either way, blame is laid on him rather
than upon the guilty parties -- UNLESS people see through the
ruse.

I've seen this happen to other folks, on other lists, and
apparently the meme has spread.

--Brett



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message