On Thu, 5 Jul 2001, Karl J. Runge wrote:
> Steve Gibson (grc.com) is the author of spinrite (HD analyzer/corrector)
> way back from the DOS days ...
Indeed, and from the way he's been ranting lately, I am starting to think he
is still living in those days. :-(
> ... and now dabbles in internet security issues (ShieldsUP, etc).
"Dabbles" isn't the right word. "Pretends", maybe. He keeps re-inventing
nmap and thinking he is doing something new and unique, and then the security
community comes down on him saying "We've been doing this for years", and then
the cycle repeats. I've been watching this comedy of errors for some time
now.
On Fri, 6 Jul 2001, Rich Cloutier wrote:
> Windows 9x machines are not capable of this [spoofing source addresses].
That is simply not true.
Windows 95, 98, 98SE, ME, NT 3.x, NT 4., and NT 2000 have no standard,
Microsoft API for raw sockets (which enable you to generate your own network
packets, which is what enables spoofing in this case). That does not mean it
is not possible! There are third-party toolkits which enable just this, as
well as known techniques for doing so. There are attacks which can use them.
Given that 95, 98, 98SE, and ME all have no security features or memory
protection worth speaking of, inserting one of these tools is trivial.
All Microsoft is doing is providing their own API to do what can already be
done.
> The reason a Linux machine on a cable modem is so desirable to these
> hackers is exactly that ...
I think you're stopping your analysis too early. Yes, hackers want to be
able to spoof source addresses. Yes, Linux makes this easy. But you stop there.
Linux makes most programming tasks easier. The tools are free (gratis)
and widely available. Contrast that with the small set of high-priced,
proprietary tools available on the Microsoft platforms. The system is
well-documented and open -- contrast that with the closed, undocumented
systems Microsoft favors.
If you are trying to get a job done, you pick the best tool for the task.
Linux happens to be the best tool for networking. Unfortunately, this means
it is also the best tool for networking with evil intent.
Maybe Microsoft will suggest Linux-control laws next? A seven-day waiting
period before downloading Red Hat? ;-)
> ... and Gibson fears that millions of untrained users with XP and Outlook
> to propagate viruses with the trojans in them will bring chaos to the
> internet.
They already do.
Anti-virus protection is a multi-million dollar market segment. Millions
and millions of dollars spent every year just because Microsoft can't design a
secure OS.
Outlook-enabled email viruses can and still do bring corporate email systems
to their knees in minutes, and clog outside systems for hours or days.
What has changed?
> This (among other things) is the main reason I do not have a Linux machine
> directly connected to the internet (I have one at work behind a NAT
> firewall.) When I DO put up a Linux machine on my cable modem, it will be
> behind a dedicated firewall/router of some kind.
You should *NEVER* attach *ANY* kind of unprotected system directly to the
Internet, regardless of OS. If you take the time to secure it, a
general-purpose OS (Linux, MS-Windows, or whatever) can be used, but you have
to take that time. A turn-key firewall simply does the work for you. That
is, of course, often a good investment.
And, once again, I state: A firewall is not a panacea. You have to keep
*everything* secure, or that firewall might as well be a repeater.
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |