Domain: grc.com
Stories and comments across the archive that link to grc.com.
Comments · 905
-
Re:Sony DVD +RW/-RW
-
Re:Question:So, exactly where is your gibson, and how do I get to h4x0ring it?
Here you go. Ask him about his raw sockets.
-
Re:If they SO BADLY needed the power ...
-
Re:The question remains...
Even geekier and more elegant...
The firmware is written in assembler, a la Steve Gibson'esque
-
Punch the monkey and win your freedom
Finally a way to make internet web advertising profitable. Click or we throw you in the Clink.
Watch Ad-Aware be ruled illegal under Patriot Act in the first month. Steve Gibson will need to watch his back. Mandatory Spyware in the name of national 'defense'.
-
SpinRite
A nice, and small (fits on a floppy) disk utility.
SpinRite is quite fast even on slower machines. Checks data for failure, refreshes data and in theory prevents hard-disk failure. Post-Disaster Data Recovery capable.
Saved my day many times.
[And please don't start a Gibson-flamewar.. ;-)] -
Re:Why 2.2?
If it ain't broke, don't fix it. If you've got 2.2 running just fine, then upgrading should only occur if you either need 2.4 features, or see a bug fixed that affects you.
I recently upgraded a server to 2.4, but only because I had to. I wanted to add file server capabilities, and my data disk (40GB) was reiserfs formatted, and none of the 2.2 reiserfs patches would work, so I went up to 2.4.
I still have not managed to upgrade from ipchains to iptables though, since ipchains just works (at least according to my logs, and services such as Steve Gibson's).
-
For those that would like to see for themselves
Ok, there's always telnet and netcat, but for the lazy:
http://grc.com/id/idserve.htm
Yeah, yeah, Steve's a bit of a tinfoiler, but his apps are always damn slick (anyone else remember Chromazone?) -
Which Gibson is it again?
He doesn't sign anything, just sprinkles on some invisible nanobots.
Is this William Gibson we're talking about or Steve Gibson? -
Re:these arrests are NOT about the slammer worm
Anyone who'd been paying attention during the Slammer discussion the other day would have known that the worm described couldn't have been Slammer. Slammer was a 404 byte (more or less) "dumb fire" worm. The TK one is of the class of "zombie" worms that monitor an IRC channel for further commands.
Information and links about Slammer: yes, him
Zombie type attack: him again (Skim over the XP crap to Attack Profile, unless you want a laugh.) -
Re:I just tried to use www.bankofamerica.com...
Note: This is flamebait. But it's just the way I feel. I may sacrifice Karma to say it but I feel I must do so.
According to my latest lookup, Bank of America is using a Netscape server. Netscape is not known for deliberately trying to screw up and mislead other people's products, although I do not think Netscape was no guardian angel either... According to Steve Gibson's IDServe program:
Initiating server query
For those with Windoze boxes, Steve Gibson makes his ID serve identifier program available at Gibson Research ...
Looking up IP address for domain: www.bankofamerica.com
The IP address for the domain is:
171.159.65.173
Connecting to the server on standard HTTP port:80
[Connected] Requesting the server's default page.
The server returned the following response
headers:
HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Thu, 06 Feb 2003 22:02:15 GMT
Content-type: text/html
P3P: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi"
Page-Completion-Status: Normal
Page-Completion-Status: Normal
Set-Cookie: BOA_0020=20030206%3A0%3AW%3A000EA689%2DDB5E%2D1E4
2 %2D98F1830FF63AC2FE; expires=Sun, 27-Sep-203700:00:00 GMT; path=/; domain=.bankofamerica.com;
Set-Cookie: CFID=33929205; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;
Set-Cookie: CFTOKEN=35447204; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;
Set-Cookie: GEOSERVER=2; path=/;
Set-Cookie: HOMETAB=pf; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;
Connection: close
Query complete.
I use this a lot when I decide if I want to open an account with some internet merchant. I know I use a non-IE browser and know MS is using their stuff to hang up non MS stuff, so if I see the IIS server come up, there is no way I'm doing business with *that*. My fear is it will get my CC info, hang up somewhere, and leave me wondering whether or not my transaction completed. I know the tactics by now. I'll browse, and if necessary I'll read the document source if Microsoft succeeded in fouling the file so much as to render it unreadable in the browser, but there is no way in he** I am giving my CC info to some MS server.
-
Re:well no kidding..
I think you were looking for https://grc.com/dos/drdos.htm.
Scroll down to:
Distributed Reflection
A Next-Generation DDoS Attack
and you can read all about this attack and how the perpetrator was owned. -
Where will the programmers come from?
These people won't be Microsoft programmers who don't know how to write tight code...
Seriously, today's programmers aren't taught tight code... and giving yourself limitations like these you would have to. When you write in the "popular" languages of today the overhead alone would kill the likelihood of a programmer just "throwing something together".
Here is where Assembly is King. -
Re:That Slammer analysis paper is quite interestin
this all points back to Steve Gibson and his "small is beautiful"-campaign :) -
Try SpinRite
Don't forget to run SpinRite on the drive (after replacing or otherwise dealing with the fan), you might get a few more years or sectors out of tha sucka. [SpinRite, as you probably know, can magically transform bad sectors into good ones.]
-
A little boastful..
I have to agree this article does seem a little boastful. It glamourizes the feds, as well as the script kiddies using these worms to attack whoever making them seem like 'brilliant hackers'.
I've seen irc channels get flooded by 'zombies' used in a similar fashion (one person commanding them).. It doesn't take much for a kid (with a bit of free time) to gather up hundreds or even thousands of these infected clients. I've seen it happen. Why is it so easy? Simple, most average Joes can't tell when their computer is infected or not. The same way there's spyware installed right under their noses.
Steve Gibson has also exposed a case similar to this where he tracked down the script kiddie (a 13 year old on an irc channel).
This article is nothing new, there's tons of exploits similar to this one floating around. -
Better than this article...
I found Steve Gibson's description of battling a DDoS attack having more technical information, and being much more entertaining at the same time. He's the author of "Shields UP!!" and other Internet security software. A good read for geeks.
-
The real scoop
I'm not sure that this guy worked for the FBI but here is an interesting version of the same story
http://grc.com/dos/drdos.htm written by the author Gibson -
Spin-Doctored
I don't know, seems to have quite the spin on it, almost a dramatic flair not usually found in normal reports. "But there was a hitch. The private experts were uneasy. Could they trust the G-men?" Whoever wrote this probably wasn't going for academic excellence in reporting.
There's also a similar and much better article here on the Gibson Research Corp website. It's quite a bit less fantastical and more technical. And LONG! -
Did Anyone Think...?
My first thought was:
I didn't know Steve Gibson played guitar! -
Re:10 million lines
I don't think programs will get longer, since why would anyone adopt a language that makes their job harder?
So they can brag about it all the time like Steve Gibson. Every time I go to his site I feel like such a pansy just 'cause I don't know ASM. -
Re:Who did this I wonder?????
It was not Mitnick.
I investigated into this matter, and came up with the following theory.
Port 1434 = 1+4+3+4 = 12
12 is the number of the month when Steve Gibson got hired as a consultant. Coincidence? I think not!
SQL (alphabet numbered) = S(19) + Q(17) + L(12) = 48
48 is the number of states which are connected together on US map. That means that attack came either from Hawaii or Alaska.
Using the search on a popular site called Google, I was able to track down the perpetrator.
So at the end we are left with one answer: Steve Gibson is just hax0ring back, in an elaborate revenge plan to outlaw port 1434 and raw sockets. -
Re:Another good reason to stick to the oldies...
You could do this sort of reflection attack with just about any server using the SYN/SYNACK method, but this one is nasty because of the huge difference in size between the initial forged packet and resulting response. Reflection attack (Yes, that grc "end of the Internet" .com again. :^) -
Re:No Duty to Retreat...
Take a look at this link then tell me what you would do if this happened to you and your network/website. attack
I realize most of us don't have the time to accomplish this kind of response but my response would be something along the same lines. -
Re:Egress Filtering -- needs more work
You could still launch an attack using a reflection SYN DDoS method. This would work by having the zombies sweep all of their net neighbors with forged IP SYN packets. (This works because the travel is within the border router.) The neighbors respond with SYN/ACK packets to the forged IP address. The SYN/ACK packet would pass the border router because the source IP would be valid.
Of course, unless the zombies were smart enough to know the IP range within the border router, you'd still get a metric buttload of invalid packets at the border router. Some kind of threshold alarm might be a good idea -- but then there's the problem of locating what machine within the border is generating the packets...
In a perfect world, the best solution would be that people didn't let their machines get 0wn3d in the first place, [Insert maniacal laughter]!
Egress filtering is a good thing but it's not a complete solution. (And it's a good thing that I turned back from the Insufficient-light Side of the Hack many years ago.) Here's an explanation of a reflection attack. (Yes, that "end of the Internet" grc. :^) -
Re:Dalnet DDOS Attacks
Although tracing back to the actual attackers can be very difficult, it can still be done with enough investigation and willpower. For an amusing tale of how a popular (although not always loved) windows security guy did just that, go here.
He basically got his hands on one of the "zombie" trojans the DDoS'ers use, reverse engineered it to find out how it works (and which IRC servers it talks to to receive its commands), wrote his own to connect to said server and waited until the attackers personally logged in. It really is a good read.
-
Re:Solution?
If you want an explanation of DDoS, here isn't bad.
-
client Re:security
This at least requires a client to have raw socket access in my opinion. If it is supposed to set up a connection without the normal syn startup (as I read the article) it needs some direct raw ip access. This allows a lot of spoofing from windows boxes that are "rooted":
Want to know more about raw socket access, ask Gibson about that. -
keep in mind
Steve Gibson is an asshat with a product to sell.
I wouldn't take any of his advice. He's a paranoid nutter just shy of wearing a tinfoil hat. -
Re:Don't cry for me, Argentina
Well, Steve Gibson of GRC found some personal info being sent out? Now, yeah, a name and email aren't really that useful, but it did indicate a breach of trust. Oh well, as long as Real isn't doing that anymore, or at least lets us mess with the Helix code, the pseudo-trust level is ok for now.
-
Good thing, but beware.
Here's an interesting piece about Real's kind ways of spying on its users. It's somewhat old, yet very interesting. Dunno about what their software does now, as I've replaced with Linux my last Windows machine more than 1 year ago and currently use only 100% trusted (that is, 100% free and open source) software.
-
Re:4 Sec?
"4 seconds for 65k address is damn fast."
Hasn't Steve Gibson been promising some sort of freeware hyper speed port scanner for months, possibly years now? If you go take his shieldsup test, there he mentions something about it on one of the pages.
-
Re:Trends
More info on the Zip drives can be found here. There are apparently known problems with the Zips, hope this helps (check bottom of linked page for the info).
-
Re:I thought
Like it's really so hard to jitter in a tad of html.
The GRC link as a link. -
Re:Been said before
The Apple II did 280 x 192. However, if you wanted color, and wanted to be able to address all 6 colors (in high-res) in any "pixel," you were limited to a virtual 140 x 192. But if you're working on a green screen or amber monitor (for less eyestrain), you could easily address 280 pixels across horizontally. You were basically addressing color sub-pixels. Sub pixel rendering, of course, is a technology Microsoft used on the Apple II, but then "rediscovered" and patented on LCD screens. A good discussion of the subject can be found here. -
Papers about the problem...
This sounds like Steve Gibson's suggestion from gibson research.
I wrote a paper in a similar vein last spring about stopping ddos attacks, it's the second section of this paper. It seeks to fix the underlying problem, not create a band-aid. -
Please restrain the knee-jerk reaction
As much as we like to poke fun at Steve Gibson, you might want to take a look at the way he delivers his flagship product SpinRite.
It's also similar to the way F-Prot Antivirus is delivered.
Basically each customer gets a login for the web site and can download from there. It avoids serial generators and cracks because you can't just download the shareware and then apply a crack. The only people who even get the opportunity to download the software are those who have paid so it's less likely (but still inevitable) that they will give it away, share it on kazaa, etc.
-
Subpixel hinting
For those saying that ClearType style subpixel hinting is "too blurry", you should be aware that it only really works on TFT screens as the way it works requires a set pixel layout, which traditional CRTs don't have. Steve Gibson has a fairly good explanation of how it works on his website (if you can put up with his infuriating self-congratulatory writing style).
So yes - regular antialiasing should be all that's needed on a CRT.
And... I'm currently typing this from Konqueror 3, which renders subpixel antialiased Truetype and Type1 fonts absolutely beautifully, along with the rest of KDE 3, in fact I would say it looks a lot nicer than Cleartype. Especially on a 1600x1200 TFT. Mmm, shiny :D -
DRDoS?
What about Distributed Reflection Denial of Service? It would seem like a good tool to generate lots of flood.
-
Re:Interesting problem...
"Microsoft's new ClearType font smoothing"
Excuse me?? Nothing that was invented before Microsoft was even founded can qualify as new. -
Re:Security depends on many things.
Well, I think you hit the nail on the head with this:
It's just that the Windows User Interface and Windows applications are written under the assumption that users have complete control of the machine.
AFAICT, in terms of usability there is a profound unsolved problem here, which is twofold.
One is that many (most?) end users just want to do stuff on their computer, and as such they _sometimes_ need to be the administrator, without really understanding permissions or security. Remember Steve Gibson's rant about how XP by default has raw socket access for all users (b/c they are root). Microsoft has opted to make them administrators all the time to avoid explanation to a million disinterested and disgruntled XP users why they can't install the educational software their kids brought home from school.
A second, deeper problem affects both *nix and windows. The most serious threat in a compromised system is the loss of data, most of which lives in userland. But at least as far as I understand there's no clear way to determine what code and data to accept. Convenience dictates that stuff from outside the machine will need to find a home on your machine, while security dictates that it should at best be data only, and no code. As we move into a more networked world, this balance needs to be reexamined and retooled over and over. But I don't see *nix making great strides in that area, frankly. -
Western Digital??
From the article:
Equally surprising was the performance of Western Digital's 400AB and 800AB, both 5400-rpm harddisks showed exceptional performance on par with all but the fastest 7200-rpm harddisks. If you're looking for an affordable, high-performance and yet silent 5400-rpm harddisk either of these will fit your needs exactly.
I have set up many systems (mainly Dells) that ship with Western Digital HDs. A large number of those drives failed very soon thereafter. When Dell came to replace the drives, they were replaced with Maxtors.
Also, here is a snippet from Gibson Research regarding their SpinRite product.
Note: We no longer purchase Western Digital drives, even though their retail point of sale packaging is pretty and the drives are inexpensive. We decided that reliability is more important than a pretty box and saving a few bucks, so we've switched over to Quantum drives exclusively, and have been having much better luck ... so far. -
Re:Gibson
Steve Gibson
And what are you doing posting off-topic with a +1 bonus? ;) -
best x86 resource
http://grc.com/smgassembly.htm
Yep, Gibson writes gui Win32 windows apps in pure x86 assembly. He's nuts, but his apps are tiny and run fast. Lots of good resources there. -
Re:Assembly: Why It Will Replace C++/Java
Okay, since when has Steve Gibson been posting on Slashdot?
-
Re:What a waste of time
So, you thought desktop/application firewalls were safe? Think again.
Although MS engineers are not really well-known for implementing clever and working solutions, I fear that they might have come up with a similar or even advanced technique of establishing a "stealth" connection.
A corporate firewall/packet filter with some sort of IDS enabled and all MS IPs blocked _might_ work if used in conjunction with an application firewall on each individual machine. On the other hand it might trade in too much flexibility for security. If the individual machine depends on http availability you're pretty much lost. You can piggyback/tunnel basically anything through that. Disabling IE and using Netscape might put a hold to that.
But there ain't no verification of that unless someone can produce the w2k sources... And if someone does MS will have a patch ready and automatically deployed in RECORD time... -
Zip? HAR!
It's a great pity that the ZIP technology is not as reliable as the three and one half inch floppy:
remember this?