Of course, the beauty of the digital age is that skill can be transferred
electronically. Not every script kiddie has to create a trojan installer
capable of loading the correct network interface, just one of them. Once
one good trojan comes out to do that (and probably already has), it just
gets shared by all in the underground. Furthermore, once a trojan has
control over a machine, it can be used to run or install whatever, whenever,
without the user necessarily even knowing it. So, the above trojan gets
installed, connects home to ask what to do, and receives instructions to
determine OS and install the proper libpcap style driver. Then, instead of
rebooting the machine, it just sits and waits for some user activity to
occur, forces a blue screen, and when the user reboots his/her machine, the
trojan can now write raw packets. Gibson's concern over raw sockets is
groundless, it seems to me.
Randy Graham
--
You're kind of trying to pick between "horrible disaster" and "atrocious
disaster" -- Paul D. Robertson (on VNC vs. PPTP)
http://www.theregister.co.uk/content/2/19442.html - Mankind's greatest
invention?
> -----Original Message-----
> From: Ari Weisz-Koves [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 06, 2001 10:01 PM
> To: [EMAIL PROTECTED]
> Subject: RE: This is a must read document. It will freak you out
>
>
> Maybe he is grandstanding a tad, but I think the underlying theme of his
> argument is solid. The issue here isn't that you can't forge packets from
> Windows - he didn't explain that correctly, and that seems to be the point
> everyone is sticking on.
>
> The reason I see to be scared is that suddenly the mainstream operating
> system used by the least cautious people around, with the best
> application/os integration providing the easiest trojan methods will by
> default be able to be used for packet forging attacks.
>
> Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000
> wouldn't the trojan have to figure out the network interfaces, install
> a packet driver, reboot the system then run itself again to begin the
> attack? Sure, someone out there is probably good enough to write this, but
> the majority of vicious virus-writing pranksters wouldn't have the skills to
> write one in a way that wouldn't suspiciously reboot the system or show up
> in some blaringly obvious way to the end user. Isn't this just above the skill
> level of the majority of virus writers? If the interface is already
> installed and easily usable through the standard APIs on the os, isn't the
> danger that it just makes it too accessible to those who might want to cause
> such damage?
>
> Ari.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jose Nazario
> Sent: Thursday, 7 June 2001 11:28 AM
> To: Irony
> Cc: [EMAIL PROTECTED]
> Subject: Re: This is a must read document. It will freak you out
>
>
> On Wed, 6 Jun 2001, Irony wrote:
>
> > http://grc.com/dos/grcdos.htm
>
> hype and hyperbole. please see today's issue of hackernews (06 june 2001)
> for some links to the discussion on this.
>
> in a nutshell, gibson, as usual, overstates things and enjoys the
> press's attention and omission of understanding. :P using winpcap and
> libnet, for instance, forged packets can be created already on any Win32
> system, pre-XP.
>
> the internet is certainly in increasing dangers, but not from XP any more
> than from the latest release of slackware Linux, for example. *shrug*
>
> 'must read' and 'freak you out' .. heh.
>
> ____________________________
> jose nazario
> [EMAIL PROTECTED]
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]