[Courses] [Security] netstat status field

coldfire rolick571 at duq.edu
Mon Mar 11 15:45:16 EST 2002


i think that one of the points that steve guy was trying to make (way back
when) was that the majority of virii/trojans/DDOS attacks affected the
windows platform.  it's not that the windows users would utilize the raw
socket ability .. it's that the existing virii coding retards would make
some crazy bad @$$ DDOS attacks that used this.  i wonder if they'll ever
figure out how to use the raw sockets ;p

coldie

> > That makes much more sense too now about the winxp raw sockets issue....
>  
> 	Exactly.  For those of you that hadn't seen it in the news a
> few months ago, there was a big to-do when WinXP was released.  For the
> first time in a Microsoft OS, you had the capability to use raw sockets,
> and that means you have the ability to make any kind of packet you want,
> even if it's a bad one that the normal TCP/IP stack would never produce.
> Unix has had this capability for ages.  
> 
> 	There were some security folk that were convinced that the
> number of spoofed packet and bad packet attacks would increase
> astronomically now that Windows users could do it too.  (The idea, I
> think, was that there are lots of script kiddies out there who don't
> speak Unix, and so couldn't make bad packets to attack people with.
> With the power to do this now built into Windows, it would be easy for a
> Win programmer to make a GUI packet-crafter front end, and thus give
> script kiddies a powerful new tool.)  In particular, Steve Gibson raised
> the roof about it.
> 
> http://grc.com/dos/sockettome.htm
> 
> 	That's his edited reply.  [grin]  He backpedaled a lot from his
> original "raw sockets are evil, Microsoft is destroying the Internet"
> position.  It's almost funny.
> 
> 	I haven't heard of any great increase in spoofed or bad packet
> attacks since, so it doesn't appear to have been a great problem.  So
> far.  [grin]
> 
> 	As with many security tools, the problem is that the knowledge
> that can be used to protect and defend is pretty much the same knowledge
> that would make one a formidable attacker.  Tools like nmap or Dan
> Farmer's SATAN (http://www.cerias.purdue.edu/coast/satan.html) and its
> spinoff SAINT (http://www.saintcorporation.com/saint/) generally spark a
> huge argument about the ethics of such security tools.
> 
> Cheers,
> Raven
> 
> "Sed, sed, awk.  Like duck, duck, goose.  Sync, sync, halt.  It's the
>  order of nature."
>   -- me, after too long a day at work



