yeah, but he also says that that functionality doesn't go in Shields up...
(and I tested that, scanned myself with high ports open and it didn't catch them...)

rgds

Frank

-----Original Message-----
From: Dennis Myhand [mailto:[EMAIL PROTECTED]]
Sent: Friday, 30 November 2001 1:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Fwd: Malicious use of grc.com

Actually, Steve Gibson states, on his site, that he has found a way to scan all 65K+ ports at one time.

Franki wrote:

> So what???? look around, there are thousands of free portscanners that
> anyone can download and scan anyone they want..
>
> And it's only a small scan anyway, not like it fires up and scans 64000 ports
> is it?
>
> The reason for the lax security is that it doesn't really make any
> difference anyway..
>
> The thing is too slow to be used for dos attacks anyway... (and you can't
> target a specific port either.)
>
> rgds
>
> Frank
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Gavin
> Sent: Thursday, 29 November 2001 11:15 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [expert] Fwd: Malicious use of grc.com
>
> ---------- Forwarded Message ----------
> Subject: Malicious use of grc.com
> Date: Mon, 26 Nov 2001 14:53:16 -0500
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> Greetings:
>
> ShieldsUp(tm) is an application developed by Steve Gibson of Gibson
> Research Corporation that allows a web user to request a remote port scan
> of their local system via the GRC.Com web site
> (https://grc.com/x/ne.dll?bh0bkyd2).
> The "Probe my Ports" option performs a scan of many common tcp ports
> and reports the status of each port back to the user's browser.
>
> The development of the application and its method of identifying the
> client IP address is quite insecure. As a result, ShieldsUp! allows the
> web user to perform a port scan against any other machine on the Internet
> and return the results to the web user. The remote system will log the
> scan as having originated from one of Steve Gibson's machines.
>
> Gibson has chosen to use a simple hidden tag in the client-side HTML code
> to identify the IP address that is passed to the scanning engine. Though
> the client's IP address is hashed, it is trivial to alter the value of the
> hidden tag in order to request that a different IP address be scanned. The
> true IP address is never checked in the HTTP header during the scan -
> ShieldsUp happily scans the other box while returning the result set into
> the browser of the box that requested the scan.
>
> Fenris, The Wolf, a member of Hammer of God, quickly reviewed
> the hash algorithm used to represent the IP address and found it weak;
> therefore, one can easily submit requests, via the Shields Up web page,
> for specific IP addresses to be scanned. These findings are not my own,
> and I have not included the details of the hash here as it is used to
> display a copyrighted page. The Wolf may post his findings if he chooses
> to do so, but I will not make that choice for him.
>
> Instead, we can easily bypass the need to crack the hash by simply using
> the "IP Agent" supplied by Gibson. Over a year ago, a hacked version of IP
> Agent was published that allowed one to supply an address to scan-- Gibson
> discounted this as a non-issue, but reportedly fixed IP Agent to perform a
> check to prevent this from happening.
>
> However, IP Agent now supports multiple client IP addresses. One simply
> needs to bind the targeted IP addresses to a local interface and perform a
> scan request. In this case, ShieldsUp presents friendly command buttons
> listing the IP addresses bound to the local interfaces and allows you to
> select any one that you want scanned. Again, no other checking is done,
> and ShieldsUp will scan whatever IP address you ask it to and display the
> results in your own browser.
>
> According to the scanning page, "Information gained will NOT be retained,
> viewed, or used by us in any way for any purpose whatsoever" which
> basically invites anyone to use Gibson's site to do port scans of other
> people's boxes without fear of detection.
>
> Additionally, multiple post requests can be easily scripted to perform
> scans against a site in attempts to perform a denial of service attack
> against a host. In these cases, with sufficient requests generated, one
> could ask grc.com to attack another site and it will comply.
>
> One would have hoped that instead of Mr. Gibson spending so much time
> expounding on the theoretical DoS capabilities of Raw
> Sockets, that he instead had used that time to properly develop his own
> application in order to prevent the same. Those concerned with malicious
> attacks from grc.com should block Gibson's netblock at the border.
>
> Cheers,
> Magni
>
> -------------------------------------------------------
>
> ------------------------------------------------------------------------
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
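Added example, not part of the thread and not GRC's code: one way a scan-my-own-ports service can avoid the design flaw the forwarded advisory describes, by taking the scan target only from the accepted TCP connection and treating the hidden form field as a keyed token bound to that address. The key, the limits and the names `issue_token` and `ScanGate` are assumptions made for this sketch; the per-address limit addresses the scripted repeat requests the advisory mentions.

```python
import hashlib
import hmac
import ipaddress
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: per-deployment secret, never sent to clients
MAX_SCANS = 3                         # assumption: accepted scans per address per window
WINDOW_SECONDS = 600


def issue_token(peer_ip: str) -> str:
    """Value for the page's hidden field: a keyed MAC over the connection's own address."""
    canonical = str(ipaddress.ip_address(peer_ip))
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


class ScanGate:
    """Decides which address, if any, a scan request may target."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._recent = {}  # address -> timestamps of accepted scans

    def authorize(self, peer_ip: str, form_token: str) -> str:
        """Return the address to scan or raise PermissionError.

        peer_ip must come from the accepted socket, never from the request
        body, a header, or a list of addresses reported by a client agent.
        """
        target = str(ipaddress.ip_address(peer_ip))
        expected = issue_token(target).encode()
        if not hmac.compare_digest(expected, form_token.encode()):
            raise PermissionError("token was not issued to this connection's address")
        now = self._clock()
        hits = [t for t in self._recent.get(target, []) if now - t < WINDOW_SECONDS]
        if len(hits) >= MAX_SCANS:
            raise PermissionError("scan rate limit reached for this address")
        hits.append(now)
        self._recent[target] = hits
        return target  # the only address the scanner is ever handed
```

Behind a reverse proxy the socket peer is the proxy, so the deployment has to pass the real peer address through a channel the client cannot write to.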
