RE: A DoS Must Read from Steve Gibson... -- MIDRANGE-L

Title: RE: A DoS Must Read from Steve Gibson...

Ken, I speak not from an expert's point of view, but strictly as someone who desires to learn from all this. So please feel free to fill in my gaps of missing information.

I have read both the Steve Gibson side and anti-Gibson "sides". I have learned a lot from S.G. but also see his ego shining through a lot of what he writes.

You say that all operating systems have this capability, except for the previous versions of Windoze. If your mother or your grandmother has a PC, is it running anything other than Windows? It would seem that most Linux systems and other systems running non-Windoze OS's would be less vulnerable on the basis that they are being administered by technically-minded folk and would be more likely to be using a firewall. Therefore, your argument doesn't give me much comfort.

What particular purpose does the enhanced socket serve? To quote from his lengthy page:

>Let me say it again: This is all COMPLETELY
>UNNECESSARY since no Windows applications have
>ANY need for full Raw Socket support. No VALID
>use exists outside of an Internet research
>setting. Raw Sockets were only included by the
>original Berkeley designers for Internet protocol
>research. In a consumer computer system, they
>will only be exploited for malicious purposes.

I think (but am not sure as to your exact intention) that you supported S.G.'s thoughts on this re: the above paragraph when you say "no real Internet application is going to use these capabilities". What constitutes a "real Internet application"? Anything that you and I would legitimately use? If true, then *why* would the Raw Sockets be implemented?

So what if the current consumer iterations of Windoze already has a "crippled" implementation? Does that make it O.K. to serve up an implementation far more powerful than a crippled one? I think not.

Dan Bale
IT - AS/400
Handleman Company
248-362-4400 Ext. 4952
D.Bale@Handleman.com
Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

-------------------------- Original Message --------------------------

-----Original Message-----
From:   Sims, Ken [SMTP:KSIMS@SOUTHERNWINE.com]
Sent:   Monday, June 25, 2001 2:35 PM
To:     MIDRANGE-L@midrange.com
Subject:        RE: A DoS Must Read from Steve Gibson...

Hi Chuck -

>There is apparently something pretty scary mentioned in the following
>and about the INABILITY to stop DoS attacks in the near future unless
>Microsoft starts listening...
>
>"For no good reason whatsoever, Microsoft has equipped Windows 2000 and
>XP with the ability FOR ANY APPLICATION to generate incredibly malicious
>Internet traffic, including spoofed source IP's and SYN-flooding full
>scale Denial of Service (DoS) attacks!" Steve Gibson, Gibson Research

This has been discussed to death in the firewalls newsgroup. In my opinion,
Steve Gibson is way overstating the situation (as is usual for him).

First, almost all operating systems (including Linux) already have the
capabilities that he is condemning. It is part of the Winsock standards.
IOW, the prior Microsoft Windows OSes were crippled and are now being
brought up to standard.

Second, no real Internet application is going to use these capabilities.
After all, if you spoof your IP address, you'll never get any information
back. If users keep trojan programs off their system, their systems won't
launch attacks. If they don't keep trojans off their systems and don't have
an application level firewall that can stop them, there are already many
attacks that can be launched even using the crippled Winsock.

Third, [I know there is a third but I can't think of it at the moment.
Getting old??? Nah!]

Ken
Southern Wine and Spirits of Nevada, Inc.
Opinions expressed are my own and do not necessarily represent the views of
my employer or anyone in their right mind.