On Fri, 6 Jul 2001, "Rich Cloutier" <[EMAIL PROTECTED]> wrote:
> ...
> I have been following this for some time now. The reason a Linux machine on
> a cable modem is so desirable to these hackers is exactly that: The Linux
> machine can spoof its source IP address, thus hiding its identity from the
> attacked site's admin, and, more importantly, from the ISP.
>
> Windows 9x machines are not capable of this. But apparently XP machines are,
> and Gibson fears that millions of untrained users with XP and Outlook to
> propagate viruses with the trojans in them will bring chaos to the internet.

Yes. More correctly it is that *un-altered* Win9* and WinNT systems
cannot spoof the source addresses. "3rd party" TCP/IP Windows drivers can
be installed that enable source address spoofing.

Actually with all of the Windows trojans floating around I'm surprised that
someone hasn't written a kit that alters the system to allow spoofing,
since it is so advantageous in DDoS attacks...

Would these changes be confined to WINSOCK.DLL or does the Windows
kernel need to be "patched" to do this? It seems even a NIC driver
could be hacked to do this...

Karl