On 3 Jul 2001, at 9:17, Les Bell boldly uttered:
> A better approach would be for Microsoft to remove raw sockets capability
> from XP - but then, it's certainly been possible to create malformed
> datagrams in earlier versions of Windows (cf. Ping of Death, Teardrop et
> al.), so there must be at the least an undocumented API there.
I believe the problem Steve Gibson is referring to is
worst with DDoS attacks.
In such an attack, you have 2 main problems:
1) The "zombies", even if you find some, don't necessarily lead
you to the "master", and each one is only a small fraction of the
problem.
2) Worse, if the zombies are spoofing, it can be d*mn difficult
figuring out where the traffic is coming from (because the packets
contain bogus source address information). You have to go
hop-by-hop, monitoring router-interface-by-router-interface, to
trace the packets back to the source. This is not just a technical
problem, it's a political problem because it requires the cooperation
and coordination of EVERY ISP IN THE PATH.
Presumably Gibson's feeling is that by making it easier for trojan
horses to access raw sockets and spoof, it will magnify the
aggravation of such attacks because it makes them harder to trace.
(of course Linux and other OSes can be convinced to spoof, especially
if you're root, but I suspect most of the zombies compromised and
used in DDoS attacks are Windows machines)
I'm not sure what David Bandel is referring to with "reverse path
filtering"; I assume he means something otherwise known as "egress
filtering", i.e. you set up filters on your border routers so that if
they see packets coming from one of your customers that do not
claim to originate from an address you route, they block them. Some
people are not thrilled about doing that everywhere because it breaks
certain types of diagnostic and security tools (and lots of
spoofing/hacking tools).
> To be honest, I think Steve Gibson is enjoying his current wave of
> notoriety. Having briefly visited a phone booth, he is now rushing around
> in a Superman suit, breathlessly advising us that he alone is trying to
> Save the World from big bad Microsoft. WooHoo! Real Boys' Own Paper stuff.
I feel the same way to some extent. I referred to it as "Chicken
Little Syndrome" in another forum. :-)
I give him credit though - he's done many nice things, amongst them
raising the awareness of certain security things (spyware, trojans)
which is sorely needed. For example, as lots of non-tech-savvy
people stick their unsecured PCs on 24x7 cable-modem connections,
they will soon discover the joys of BackOrifice and other trojans,
not to mention provide nice willing zombies to spur DDoS attacks.
Phil
--
Philip J. Koenig [EMAIL PROTECTED]
Electric Kahuna Systems -- Computers & Communications for the New Millenium
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
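The filtering discussed in the post above (egress filtering versus reverse-path filtering), as an added example that is not part of the original message or of any router vendor's code: a small Python model of a border router that applies both a simple egress filter (forward traffic to the upstream only if its source is a prefix we route for a customer) and a strict reverse-path check (accept a packet on an interface only if the route back to its source address points out that same interface). The routing table, interface names and traffic sample are constructed assumptions, using the RFC 5737 documentation address ranges. Running it shows why the two are not the same check: the egress filter lets a zombie on one customer's network spoof another customer's address, while the reverse-path check catches that case and also drops inbound packets from the upstream that claim a customer address.

```python
import ipaddress

# Constructed routing table for a hypothetical border router.  Addresses are from
# the RFC 5737 documentation ranges; prefixes and interface names are assumptions.
ROUTES = {
    "198.51.100.0/24": "eth1",  # customer A, reached via eth1
    "203.0.113.0/24": "eth2",   # customer B, reached via eth2
    "0.0.0.0/0": "eth0",        # default route: everything else lives upstream
}
CUSTOMER_PREFIXES = ("198.51.100.0/24", "203.0.113.0/24")
UPSTREAM_IFACE = "eth0"


def lookup_route(addr):
    """Longest-prefix match: the interface this router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best_net, best_iface = None, None
    for prefix, iface in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def egress_filter_allows(src):
    """Egress filter on the upstream link: forward only packets whose source is an
    address we route for a customer.  Blind to one customer spoofing another."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in CUSTOMER_PREFIXES)


def strict_rpf_allows(src, in_iface):
    """Strict reverse-path check: accept a packet only if the route back to its
    source address points out the interface it arrived on.  Applied on every
    interface, so it also drops inbound packets that claim a customer address."""
    return lookup_route(src) == in_iface


def classify(packets):
    """Run both checks over (src, in_iface, out_iface) tuples and return
    (src, in_iface, egress_ok, rpf_ok) per packet.  The egress filter only
    applies to traffic leaving through the upstream interface."""
    verdicts = []
    for src, in_iface, out_iface in packets:
        egress_ok = egress_filter_allows(src) if out_iface == UPSTREAM_IFACE else True
        rpf_ok = strict_rpf_allows(src, in_iface)
        verdicts.append((src, in_iface, egress_ok, rpf_ok))
    return verdicts


# Constructed traffic sample: (source address, arrival interface, exit interface)
SAMPLE = [
    ("198.51.100.7", "eth1", "eth0"),  # customer A sending legitimately
    ("10.0.0.1", "eth1", "eth0"),      # zombie on A spoofing an address we never route
    ("203.0.113.9", "eth1", "eth0"),   # zombie on A spoofing customer B's address
    ("192.0.2.1", "eth0", "eth1"),     # ordinary reply from the Internet to customer A
    ("198.51.100.7", "eth0", "eth1"),  # inbound from upstream, claiming to be customer A
]

if __name__ == "__main__":
    for src, iface, egress_ok, rpf_ok in classify(SAMPLE):
        print(f"{src:>14} in {iface}: egress {'pass' if egress_ok else 'DROP'}, "
              f"strict RPF {'pass' if rpf_ok else 'DROP'}")
```

Strict mode is also why some operators resist turning it on everywhere: any legitimately asymmetric path (the route back to a source leaves by a different interface than the one the packet arrived on) is dropped as if it were spoofed. Linux exposes the same check per interface through the net.ipv4.conf.<iface>.rp_filter sysctl, where 1 is the strict check modelled here and 2 is a loose mode that only requires the source to be reachable via some interface.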