Hi Michael,
I too am concerned with XP but not for the DoS reason (Linux already has
this loop hole), I am more concerned with the pricing model MS is trying.
The thought of paying a monthly subscription to MS gives me the
Hebegebees... Maybe the good Dr. could come up with an OS under his sleeve.
As you stated, ZoneAlarm is a very good fire wall, but that is only if you
aren't going to expose any ports to the web, like 80 for a web server.
The reason IIS gets picked on is because of MS and its wide use. After One
of my sites got defaced by a China hacker several months ago, I have been on
a quest for security knowledge. What I found is that it is very easy to
secure IIS if you follow the check lists that Microsoft provides and keep up
to date with the security patches (which are free).
This link is for IIS 4.0 check list, but you can learn allot about security
setting for Windows NT from it.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
iischk.asp
the biggest surprised to me when I started was the fact that, through a
simple URL Call from a Browser you could execute the CMD.EXE and wreak havoc
on the system. (That is how, the hacker defaced one of my sites). by
moving a securing this little file, I found you will stop over 90% of
hackers (script kiddies) on the web site.
I have other links on my site at www.pcforge.com
Ben Johansen
----- Original Message -----
From: "Michael Young" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 08, 2001 2:59 PM
Subject: Security concerns
> Hi All,
>
> I just got off of Steve Gibson's web site. He went through a Denial Of
Service
> (DOS) attack and has written up a rather informative account of it. This
type of
> attack basically just hammers on a web site until no one else can get in.
He is
> very unhappy with ISPs, especially those running cable and DSL modems
(high
> bandwith systems), Internet Information Server (IIS), Windows 2000,
Windows
> XP, and Black Ice Defender. He once again has kudos for ZoneAlarm, both
the
> free and pro versions. I would recommend visiting the site at:
>
> http://grc.com/dos/intro.htm
>
> I found it very interesting and it sounds like XP may be the bane of the
internet!
> This attack is unlikely to happen to any of us- until you tick of a hacker
of
> almost any experience level from novice to expert. You may, however, find
> yourself unwittingly a participant in the attack unless you have a good
security
> system in place.
>
> Best regards,
> Mike Young
>
>
