Others have already covered this from the WinPCap angle, so I won't
repeat that.

What I *will* point out is that the attacks he describes have
apparently been highly successful, and have concealed the
perpetrators, even *without* spoofing the attacking addresses. No
measure to limit/prevent/eliminate spoofing would have made any
difference *except* that it would have made it even harder for Gibson
to obtain a zombie sample to dissect.

To me, that makes the XP issue kind of a Red Herring. The bot/DDoS
problem is here now -- and without XP.

David Gillett

On 7 Jun 2001, at 15:01, Ari Weisz-Koves wrote:

> Maybe he is grandstanding a tad, but I think the underlying theme of his
> argument is solid. The issue here isn't that you can't forge packets from
> Windows - he didn't explain that correctly, and that seems to be the point
> everyone is sticking on.
>
> The reason I see to be scared is that suddenly the mainstream operating
> system used by the least cautious people around, with the best
> application/os integration providing the easiest trojan methods will by
> default be able to be used for packet forging attacks.
>
> Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000
> wouldn't the trojan have to figure out the network interfaces, install
> a packet driver, reboot the system then run itself again to begin the
> attack? Sure, someone out there is probably good enough to write this, but
> the majority of vicious virus-writing pranksters wouldn't have the skills to
> write one in a way that wouldn't suspiciously reboot the system or show up
> in some blaringly obvious way to the end user. Isn't this just above the skill
> level of the majority of virus writers? If the interface is already
> installed and easily usable through the standard APIs on the os, isn't the
> danger that it just makes it too accessible to those who might want to cause
> such damage?
>
> Ari.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jose Nazario
> Sent: Thursday, 7 June 2001 11:28 AM
> To: Irony
> Cc: [EMAIL PROTECTED]
> Subject: Re: This is a must read document. It will freak you out
>
>
> On Wed, 6 Jun 2001, Irony wrote:
>
> > http://grc.com/dos/grcdos.htm
>
> hype and hyperbole. please see today's issue of hackernews (06 june 2001)
> for some links to the discussion on this.
>
> in a nutshell, gibson, as usual, overstates things and enjoys the
> press's attention and omission of understanding. :P using winpcap and
> libnet, for instance, forged packets can be created already on any Win32
> system, pre-XP.
>
> the internet is certainly in increasing danger, but not from XP any more
> than from the latest release of slackware Linux, for example. *shrug*
>
> 'must read' and 'freak you out' .. heh.
>
> ____________________________
> jose nazario [EMAIL PROTECTED]
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]