Maybe he is grandstanding a tad, but I think the underlying theme of his
argument is solid. The issue here isn't that you can't forge packets from
Windows - he didn't explain that correctly, and that seems to be the point
everyone is sticking on.
The reason I see to be scared is that suddenly the mainstream operating
system used by the least cautious people around, with the best
application/os integration providing the easiest trojan methods will by
default be able to be used for packet forging attacks.
Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000
wouldn't the trojan have to figure out the network interfaces, install
a packet driver, reboot the system then run itself again to begin the
attack? Sure, someone out there is probably good enough to write this, but
the majority of vicious virus-writing pranksters wouldn't have the skills to
write one in a way that wouldn't suspiciously reboot the system or show up
in some blaringly obvious way to the end user. Isn't this just above the skill
level of the majority of virus writers? If the interface is already
installed and easily usable through the standard APIs on the os, isn't the
danger that it just makes it too accessible to those who might want to cause
such damage?
Ari.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jose Nazario
Sent: Thursday, 7 June 2001 11:28 AM
To: Irony
Cc: [EMAIL PROTECTED]
Subject: Re: This is a must read document. It will freak you out
On Wed, 6 Jun 2001, Irony wrote:
> http://grc.com/dos/grcdos.htm
hype and hyperbole. please see today's issue of hackernews (06 june 2001)
for some links to the discussion on this.
in a nutshell, gibson, as usual, overstates things and enjoys the
press's attention and omission of understanding. :P using winpcap and
libnet, for instance, forged packets can be created already on any Win32
system, pre-XP.
the internet is certainly in increasing danger, but not from XP any more
than from the latest release of slackware Linux, for example. *shrug*
'must read' and 'freak you out' .. heh.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]