Forgot to cc the list again :o(
----- Original Message -----
From: "Rich C" <[EMAIL PROTECTED]>
To: "Benjamin Scott" <[EMAIL PROTECTED]>
Sent: Friday, July 06, 2001 6:52 PM
Subject: Re: grc.com Ddos analysis
> ----- Original Message -----
> From: "Benjamin Scott" <[EMAIL PROTECTED]>
> To: "Greater NH Linux Users' Group" <[EMAIL PROTECTED]>
> Sent: Friday, July 06, 2001 5:43 PM
> Subject: Re: grc.com Ddos analysis
>
>
> [snip]
>
> >
> > On Fri, 6 Jul 2001, Rich Cloutier wrote:
> > > Windows 9x machines are not capable of this [spoofing source addresses].
> >
> > That is simply not true.
>
> OK, nit noted: I should have said "stock" Windows 9x machines are not
> capable of this.
>
> >
> > Windows 95, 98, 98SE, ME, NT 3.x, NT 4., and NT 2000 have no standard,
> > Microsoft API for raw sockets
>
> Win 2k DOES have a raw sockets API.
>
> > (which enable you to generate your own network
> > packets, which is what enables spoofing in this case). That does not mean it
> > is not possible! There are third-party toolkits which enable just this, as
> > well as known techniques for doing so. There are attacks which can use them.
> > Given that 95, 98, 98SE, and ME all have no security features or memory
> > protection worth speaking of, inserting one of these tools is trivial.
>
> If it were truly trivial, I would think it would be done more.
>
> >
> > All Microsoft is doing is providing their own API to do what can already be
> > done.
>
> The point is that this capability will be present BY DEFAULT on Windows XP
> machines. That is analogous to Red Hat's having Sendmail turned on by
> default--it's just waiting to be exploited. If someone INTENTIONALLY
> installs a raw sockets capability, it is likely that they are a more
> sophisticated user and will be less likely to have their system used in a
> surreptitious manner.
>
> >
> > > The reason a Linux machine on a cable modem is so desirable to these
> > > hackers is exactly that ...
> >
> > I think you're stopping your analysis too early. Yes, hackers want to be
> > able to spoof source addresses. Yes, Linux makes this easy. But you stop there.
>
> I carried the analysis far enough to make my point. Carrying it further does
> nothing to detract from my argument, nor does it further support it.
>
> >
> > Linux makes most programming tasks easier. The tools are free (gratis)
> > and widely available. Contrast that with the small set of high-priced,
> > proprietary tools available on the Microsoft platforms. The system is
> > well-documented and open -- contrast that with the closed, undocumented
> > systems Microsoft favors.
>
> This doesn't stop trojans from being developed or deployed for Windows
> machines. This doesn't stop vulnerabilities from being found in email
> programs to allow these programs to spread. The high cost of development
> tools does not hamper the proliferation of trojan programs, nor are the
> malicious hackers "going broke" paying license fees for Visual Studio.
>
> >
> > If you are trying to get a job done, you pick the best tool for the task.
> > Linux happens to be the best tool for networking. Unfortunately, this means
> > it is also the best tool for networking with evil intent.
>
> Linux systems are not the best systems for DDOS attacks because there is not
> a high enough population of them yet. Further, there is not a high enough
> population of machines owned by the ignorant. Would a DDOS attacker want a
> half-dozen Linux machines, or a hundred Windows machines?
>
> >
> > Maybe Microsoft will suggest Linux-control laws next? A seven-day waiting
> > period before downloading Red Hat? ;-)
>
> They won't have to. As Linux use increases, malicious hackers will be the
> downfall of Linux, IF we don't get our collective act together with regard
> to security. Unless we can demonstrate that open source improves security,
> no one will use it.
>
> >
> > > ... and Gibson fears that millions of untrained users with XP and Outlook
> > > to propagate viruses with the trojans in them will bring chaos to the
> > > internet.
> >
> > They already do.
> >
> > Anti-virus protection is a multi-million dollar market segment. Millions
> > and millions of dollars spent every year just because Microsoft can't design a
> > secure OS.
>
> It's not that they can't, it's that they don't hold it as a priority.
> Security <> ease-of-use, and Microsoft is more concerned with ease of use.
>
> >
> > Outlook-enabled email viruses can and still do bring corporate email systems
> > to their knees in minutes, and clog outside systems for hours or days.
> >
> > What has changed?
>
> With XP, and Linux too for that matter (as with all OSes that can spoof
> source IPs) the compromised systems won't be detectable.
>
> >
> > > This (among other things) is the main reason I do not have a Linux machine
> > > directly connected to the internet (I have one at work behind a NAT
> > > firewall.) When I DO put up a Linux machine on my cable modem, it will be
> > > behind a dedicated firewall/router of some kind.
> >
> > You should *NEVER* attach *ANY* kind of unprotected system directly to the
> > Internet, regardless of OS. If you take the time to secure it, a
> > general-purpose OS (Linux, MS-Windows, or whatever) can be used, but you have
> > to take that time. A turn-key firewall simply does the work for you. That
> > is, of course, often a good investment.
>
> My point was that a dedicated firewall will have fewer vulnerabilities than
> even a properly secured multi-purpose OS, Linux included. And such a
> dedicated firewall makes it easier to "plug all the holes."
>
> >
> > And, once again, I state: A firewall is not a panacea. You have to keep
> > *everything* secure, or that firewall might as well be a repeater.
> >
>
> No argument there. :o)
>
> Rich Cloutier
> SYSTEM SUPPORT SERVICES
> www.sysupport.com
>