Re: [SLUG] XP set to unleash huge pool of highly exploitable computers.

On Sat, Jun 16, 2001 at 01:48:41PM +0900, Richard Sharpe wrote:
> At 12:56 PM 6/16/01 +1000, Andrew Bennetts wrote:
> >Raw socket stuff on Windows 9x is possible - libpcap has been ported,
> >and is how tcpdump and nmap for win32 work.
> Hmmm, it was my understanding that libpcap only captures packets, and I was
> not aware that it could send packets. Secondly, considering that the RAW
> Sockets support in WinSock2 is broken, they would have to interface at a
> lower level, like NDIS. Do you know what level?

I could be wrong about nmap on win32 using libpcap, now that I look into
it more closely.  I can't find a page about win32 nmap at the moment
though.  Sorry for the misinformation.  However, nmap does support
sending packets that require the equivalent of RAW socket access, e.g.
for FIN scans.  I suspect it uses the NDIS level, but I'm not an expert.
libpcap on win32 also uses NDIS.

> >                                            His argument for the
> >dumbing down of consumer Windows annoys me. 
> Indeed, it has been dumbed down enough already :-)

My point exactly.  :)

> >                                            Microsoft can't win -- if
> >they don't put enough features in, they get criticised for stifling
> >innovation and dumbing down systems.  But they try to add a feature,
> >which is standard on the network stack of everyone else, and this guy goes
> >nuts and predicts the death of the internet.
> While I agree that his conclusion is wrong, there are several factors
> operating here. When you stick out like dog's balls, you are bound to get
> your nuts shot off.
> MS do not have a good reputation for playing nice, so they are bound to get
> criticism.  Of course, having said that, I acknowledge that many other
> parties have not played nice in the past, and that companies like IBM are
> only playing nice these days because they see it as a way to get a leg up.

Oh, absolutely, when they do something bad, get annoyed.  But there's
enough things to be upset about without having to invent more. Microsoft
have fought hard (many would say too hard) to become the market leader,
and should be prepared to defend themselves from the criticism that that
inevitably brings.

> >And to "prove" it all, he quotes comments in the source code of current
> >DDOS tools.  And proves it several times, that's how much he's proved
> >it!  He notes that Microsoft, who should know what their code does, says
> >Win 9x can do IP spoofing, then ignores it, because the DDOS kiddies
> >know better.  Yeah.  Of course.
> Hmmm, I couldn't find this claim that MS says Win9X can spoof IP addresses,
> but could find the claim that WinSock2 screwed up RAW Sockets ...

He quotes both a MS TechNet page and an email from MS on this subject on
his page, under the text: "Microsoft's Position: [start box]This is not
really anything new, since previous versions of Windows had support for
Raw Sockets.[end box]".

> >He's just selling himself and his services.  Ignore him.
> Well, while I think he is wrong about RAW Sockets in Win2K and WinXP, he
> has done a very good job of documenting a problem.

True.  DDOS attacks, using Windows of any variety, are capable of doing
a lot of damage that is virtually impossible to stop.  And that can
happen already, as he mentions elsewhere on his site -- he's already
been DDOSed to oblivion, and Win XP hasn't hit the shelves yet!  Having
good descriptions of the problem and possible solutions is a good thing.

Going crazy, saying the internet is about to collapse because of Win XP
is not helpful.  It's a publicity grab.  The more he gets his name in
the media for this sort of thing, the more widely recognised as a
"security expert" he'll become.  Perhaps I'm being cynical and he's just
misguided, but I think he's doing it for financial gain to himself.
Note the "Purchasing Info" link at the bottom of the page.  The more
notoriety he gains, the more likely he is to be able to sell his

> Moreover, his claims are no more over the top than M$'s claims ... Have you
> seen the Linux mutation ads?

Heh.  No, I haven't.  I can imagine though.

> Do I detect a little envy here?

What of?  I'm not sure what you're suggesting.  I'm no MS fan.  I just
don't like mindless MS bashing.  If you're going to bash MS, do it for
a good reason -- there's plenty of them! :)


SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug