Maybe he is grandstanding a tad, but I think the underlying theme of his argument is solid. The issue here isn't that you can't forge packets from Windows - he didn't explain that correctly, and that seems to be the point everyone is sticking on. The reason I see to be scared is that suddenly the mainstream operating system used by the least cautious people around, with the best application/OS integration providing the easiest trojan methods, will by default be able to be used for packet forging attacks.

Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000 wouldn't the trojan have to figure out the network interfaces, install a packet driver, reboot the system, then run itself again to begin the attack? Sure, someone out there is probably good enough to write this, but the majority of vicious virus-writing pranksters wouldn't have the skills to write one in a way that wouldn't suspiciously reboot the system or show up in some blaringly obvious way to the end user. Isn't this just above the skill level of the majority of virus writers?

If the interface is already installed and easily usable through the standard APIs on the OS, isn't the danger that it just makes it too accessible to those who might want to cause such damage?

Ari.

-----Original Message-----
From: firewalls-owner@Lists.GNAC.NET [mailto:firewalls-owner@Lists.GNAC.NET] On Behalf Of Jose Nazario
Sent: Thursday, 7 June 2001 11:28 AM
To: Irony
Cc: Firewalls@Lists.GNAC.NET
Subject: Re: This is a must read document. It will freak you out

On Wed, 6 Jun 2001, Irony wrote:

> http://grc.com/dos/grcdos.htm

hype and hyperbole. please see today's issue of hackernews (06 june 2001) for some links to the discussion on this. in a nutshell, gibson, as usual, overstates things and enjoys the press's attention and omission of understanding. :P

using winpcap and libnet, for instance, forged packets can be created already on any Win32 system, pre-XP.

the internet is certainly in increasing danger, but not from XP any more than from the latest release of slackware Linux, for example. *shrug*

'must read' and 'freak you out' .. heh.

____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]