[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SLUG] XP set to unlease huge pool of highly exploitable computers.

At 12:56 PM 6/16/01 +1000, Andrew Bennetts wrote:
>On Sat, Jun 16, 2001 at 08:19:50AM +1000, Peter Faulks wrote:
>> http://grc.com/dos/winxp.htm
>This is sensationalist, misleading and, I think, sometimes wrong.  I'm
>*very* suspicious of the motives of a "security expert" doing this.  He
>sounds to me like he is just trying to get more business.

Well, perhaps, but I found the article interesting. However, I did find his
conclusion that M$ should pull the RAW Sockets stuff from XP wrong.

>Raw socket stuff on Windows 9x is possible - libpcap has been ported,
>and is how tcpdump and nmap for win32 work.

Hmmm, it was my understanding that libpcap only captures packets, and I was
not aware that it could send packets. Secondly, considering that the RAW
Sockets support in WinSock2 is broken, they would have to interface at a
lower level, like NDIS. Do you know what level?
>                                            His argument for the
>dumbing down of consumer Windows annoys me. 

Indeed, it has been dumbed down enough already :-)

>                                            Microsoft can't win -- if
>they don't put enough features in, they get criticised for stifling
>innovation and dumbing down systems.  But they try to add a feature,
>which standard on the network stack of everyone else, and this guy goes
>nuts and predicts the death of the internet.

While I agree that his conclusion is wrong, there are several factors
operating here. When you stick out like dog's balls, you are bound to get
your nuts shot off.

MS do not have a good reputation for playing nice, so they are bound to get
criticism.  Of course, having said that, I acknowledge that many other
parties have not played nice in the past, and that companies like IBM are
only playing nice these days because they see it as a way to get a leg up.

>And to "prove" it all, he quotes comments in the source code of current
>DDOS tools.  And proves it several times, that's how much he's proved
>it!  He notes that Microsoft, who should know what their code does, says
>Win 9x can do IP spoofing, then ignores it, because the DDOS kiddies
>know better.  Yeah.  Of course.

Hmmm, I couldn't find this claim the MS says Win9X can spoof IP addresses,
but could find the claim that WinSock2 screewed up RAW Sockets ...

>He's just selling himself and his services.  Ignore him.

Well, while I think he is wrong about RAW Sockets in Win2L and WinXP, he
has done a very good job of documenting a problem.

Moreover, his claims are no more over the top that M$'s claims ... Have you
seen the Linux mutation adds?

Do I detect a little envy here?

>SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
>More Info: http://lists.slug.org.au/listinfo/slug

Richard Sharpe, sharpe@nospam.ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug