Others have already covered this from the WinPCap angle, so I won't repeat that. What I *will* point out is that the attacks he describes have apparently been highly successful, and have concealed the perpetrators, even *without* spoofing the attacking addresses. No measure to limit/prevent/eliminate spoofing would have made any difference *except* that it would have made it even harder for Gibson to obtain a zombie sample to dissect.

To me, that makes the XP issue kind of a Red Herring. The bot/DDoS problem is here now -- and without XP.

David Gillett

On 7 Jun 2001, at 15:01, Ari Weisz-Koves wrote:

> Maybe he is grandstanding a tad, but I think the underlying theme of his
> argument is solid. The issue here isn't that you can't forge packets from
> Windows - he didn't explain that correctly, and that seems to be the point
> everyone is sticking on.
>
> The reason I see to be scared is that suddenly the mainstream operating
> system used by the least cautious people around, with the best
> application/os integration providing the easiest trojan methods will by
> default be able to be used for packet forging attacks.
>
> Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000
> wouldn't the trojan have to figure out the network interfaces, install
> a packet driver, reboot the system then run itself again to begin the
> attack? Sure, someone out there is probably good enough to write this, but
> the majority of vicious virus-writing pranksters wouldn't have the skills to
> write one in a way that wouldn't suspiciously reboot the system or show up
> in some blaringly obvious way to the end user. Isn't this just above the skill
> level of the majority of virus writers? If the interface is already
> installed and easily usable through the standard APIs on the os, isn't the
> danger that it just makes it too accessible to those who might want to cause
> such damage?
>
> Ari.
>
> -----Original Message-----
> From: firewalls-owner@Lists.GNAC.NET
> [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Jose Nazario
> Sent: Thursday, 7 June 2001 11:28 AM
> To: Irony
> Cc: Firewalls@Lists.GNAC.NET
> Subject: Re: This is a must read document. It will freak you out
>
>
> On Wed, 6 Jun 2001, Irony wrote:
>
> > http://grc.com/dos/grcdos.htm
>
> hype and hyperbole. please see today's issue of hackernews (06 june 2001)
> for some links to the discussion on this.
>
> in a nutshell, gibson, as usual, overstates things and enjoys the
> press's attention and omission of understanding. :P using winpcap and
> libnet, for instance, forged packets can be created already on any Win32
> system, pre-XP.
>
> the internet is certainly in increasing dangers, but not from XP any more
> than from the latest release of slackware Linux, for example. *shrug*
>
> 'must read' and 'freak you out' .. heh.
>
> ____________________________
> jose nazario jose@cwru.edu
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]