Domain: 2600.net
Stories and comments across the archive that link to 2600.net.
Comments · 6
-
cannon fodder
more cannon fodder for the slashdot effect...
another mirror for the phrack archive is here
you can find up to issue 52 -
Re:Full text of the Bill (actual text, no link)
-
Re:Full text of the Bill (actual text, no link)
-
Re:Full text of the Bill (actual text, no link)
-
Re:Scanning ports
It refers to the difficulty in spoofing a TCP connection. Basically, to spoof a TCP connection, you need to take down the host you're pretending to be (usually with SYN flooding or something of that nature), and then sent TCP packets with that host's IP address as the origin. However, since the return packets will be going back to the disabled host, not to you (TCP spoofing is a "blind" attach), you need to guess the sequence numbers to put in the TCP packets, and if you guess wrong, the other side will discard them as being out of order or random garbage data, thus disconnecting you (if you even got the connection negotiated in the first place) and messing up your attack.
TCP sequence predition in nmap estimates the difficulty of guessing these TCP sequence numbers. In some OSs, such as Windows, it's a fixed increment between packets, so trivially easy to guess. In Linux, apparently, "random positive increments" are used, making it extremely difficult to guess the TCP sequence, thus making it extremely difficult to successfully spoof a TCP connection.
I've read some on Bugtraq recently about other weird things in Linux that will allow you to get a more accurate guess of the sequence numbers on a host that's otherwise idle (i think the id field in the IP packet increments by one each time or something of that nature). However, it's still not nearly as easy as Windows.
For a much more in-depth discussion, read daemon9's IP-Spoofing Demystified (Phrack Issue 48, Phile 14). -
Re:Dumbing down
I saw an advertisment the other day that went something like this: "Enroll now at XXX for MCSE training. No computer experience necessary!" That gave me a little laugh.
Anyway, although there is little hope for Win9x, NT can be perfectly secure. Microsoft has a nice checklist that my mom could even follow to secure a server. Overall, NT seems to be more resistant to hacking then other OSes. (but that hack worked because things wern't firewalled)
Of course the "dumbing down" is going to happen to Linux too. I tell the other admins all the time "don't login with telnet", "don't take out /etc/securetty", and "don't keep users with no passwords" but they don't seem to listen. It is just easier to take those shortcuts.
Here's an interesting idea.. Is it possible to force win9x (with a registry hack or something) to only run signed executables? That would help against BO but is pretty useless against macros.