Slashdot Mirror

there is no "code" just a bunch of n00bs looking at packet captures while other
people interject "whats a packet" and "if i knew about computers i would help" ,
hell they even reccomend Steve Gibsons site (grc.com) to check if they are
infected and as anyone with a clue knows he's not worth listening to

of
course if anyone has a complete dissasembly then post away , but at the moment
there is nothing of value in any of dslreports threads

there is no "code" just a bunch of n00bs looking at packet captures while other people interject "whats a packet" and "if i knew about computers i would help" , hell they even reccomend Steve Gibsons site (grc.com) to check if they are infected and as anyone with a clue knows he's not worth listening to

of course if anyone has a complete dissasembly then post away , but at the moment there is nothing of value in any of dslreports threads

hrhrmm... Steve?

Spinrite is garbage. I don't wanna sound like a troll, but everything Steve Gibson says has been thoroughly debunked. Don't mind the domain name. The operators of grcsucks.com run a classy operation, believe it or not:

We encourage you to research each topic for yourself: check out all the links, especially the ones that seem contrary to your views; question the motivation of the writer and publisher; and form your own opinion about the information that is being presented. We suggest that you treat all other news/information outlets in the same way - the media have strong biases which directly affect the way in which news and information is presented to you - and very often that leads to disinformation.

I would not reccomend SpinRite, as it costs money and does nothing new.

http://www.grcsucks.com

nuff said

Q: Why don't you talk to Steve Gibson of GRC.COM, he knows all about this stuff?

We already have many people working with us who are intimately familiar with DDoS attacks and how to deal with them.

Take a look at this link then tell me what you would do if this happened to you and your network/website. Take a look at this and see why GRC is a liar and a fraud.

Most of the predictions were "more of the same". I seriously doubt we'll be seeing "a major Cyberterrorism event" though -- I usually expect to hear this from sensationalists, not legitimate security experts. Think Steve Gibson. In fact, the theorized cause of these massive DDoS attacks is supposed to be windows systems, and the Raw Sockets are Evil thread is brought back to mind.

One big unforgivable mistake in the article: there was no bug in DNS -- there was a bug with BIND. Anyone using nameservers or libraries that were not part of BIND were unaffected. The fact that he assumes BIND is the only DNS server in the world is a big mistake, and one of the reasons DJBDNS doesn't get enough airtime.

Overall, I didn't see anything in the article that I didn't already see a hundred other places.

Personally, I'd like to hear what the authors of Hacking Linux Exposed have to say. Their book has a lot more grit and less soft-shoeing over the topics. Real World Linux Security has always been too full of stories and not enough answers for me. (Of course I bought the 2nd edition anyway.)

Most of the predictions were "more of the same". I seriously doubt we'll be seeing "a major Cyberterrorism event" though -- I usually expect to hear this from sensationalists, not legitimate security experts. Think Steve Gibson. In fact, the theorized cause of these massive DDoS attacks is supposed to be windows systems, and the Raw Sockets are Evil thread is brought back to mind.

One big unforgivable mistake in the article: there was no bug in DNS -- there was a bug with BIND. Anyone using nameservers or libraries that were not part of BIND were unaffected. The fact that he assumes BIND is the only DNS server in the world is a big mistake, and one of the reasons DJBDNS doesn't get enough airtime.

Overall, I didn't see anything in the article that I didn't already see a hundred other places.

Personally, I'd like to hear what the authors of Hacking Linux Exposed have to say. Their book has a lot more grit and less soft-shoeing over the topics. Real World Linux Security has always been too full of stories and not enough answers for me. (Of course I bought the 2nd edition anyway.)

What about Steve Gibson is a Poseur?? It seems like he's theories are great tools to generate lots of FUD.

I can highly recommend Steve Gibson and his company Gibson Research Corporation for doing your audit. He is clearly the expert you and your company needs.

Here's a nice page about Steve Gibson's "discoveries" as a security expert: http://grcsucks.com/ Pretty lame name, but a good read.

Is nastier.

Steve Gibson is an idiot.

Don't you know that Steve Gibson, the WORLDS GREATEST HACKER! has decreed that only criminals have need to create their own packets?! For shame! (yes, this is full of sarcasm and contempt directed towards Steve Gibson. Follow the second link. The man is the Jerry Springer of the Internet.)

A DDoS attack is damaging, either spoofed or non-spoofed, but Gibson's main premise is that, with the inclusion of raw sockets into WinXP, spoofed DDoS attacks will conquer the internet, be untraceable and unblockable, and generally bring around the end of the world as we know it.

For more info on paranoia, read here. Then, before the marketing spin catches a hold of your soul, read here.

Gawyn

Steve Gibson is a gibbering idiot.

from grc.com : "... my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers."

Pffff, who is this guy, Ethan Hunt?

SG: WOW, I've just been hax0red by some L33t d00d. Fortunatly, my superior security knowledge enables me to find him, and address his irresponsible behaviour.
script kiddie: I d00 th15 ju5t f0r kix! U can't st0p m33!
SG: [pads the boy on the shoulder to comfort him for the obvious lack of parental guidance] Ok, I'm not a bad guy, see, I wrote hackers are cool once.
sk: You're right! Hey why don't you unleash your mad programming skills and write something to protect us all from further havoc caused by people like me?
SG: I just might do that

Steve Gibson is a moron, and to be ignored in serious conversation

(see here and here)

nearly all successful attacks against IRC servers are DoS attacks, which cost a lot of bandwidth, and apparantly the University of Colorado is tired of supplying it.

Read and learn. Then explore the rest of the site.

YES ... although the vast number INITIALLY authored by "grcsucks.com" started to turn me off ... I do note that this seems to have recently changed as now less than half are authored by "grcsucks.com"

xoxoxoxo
"There are other people then Microsoft that think Steve Gibson is a complete idiot - especially because of his continued rants about Raw Sockets. .... conclusions they've reached all on their own. "

From the grcsucks.com website (links to other articles) "[Steve Gibson] did a lot of good work to educate the average PC user in those topics. [Steve Gibson] also helped the internet a great deal with getting less messed up."

GRIN ;-) Evidently some of those "other people" cited by grcsucks.com do NOT "think Steve Gibson is a complete idiot"

xoxoxoxo
"The Register has posted several articles where they go against Steve Gibson's 'logic'. They have even done a radio interview for a popular US radio talk show where they argue out his supposed 'logic'."
ARTICLES: I recall reading a multi-page article in The Register yesterday that SUPPORTED Steve's points/fears albeit in a very poo-poo fashion. My apologies for not supplying a link but I can not seem to access The Register at the moment. I do agree with you that The Register articles of several weeks ago were very "anti-Steve." However, I sense a change afoot.
RADIO INTERVIEW: I downloaded a file "grc_low.wma" (2,781 KB) from somewhere and listened to Steve, a guy from The Register's Washington Bureau, and the radio host "go at it" ... it was all very civil and polite. In the end, I continued to agree with Steve (he does need voice training though).

was created one week after Steve Gibson and Microsoft go to war over the WinXP Raw Sockets Vulnerability ... what a coincidence for a well-done spoof site of Steve Gibson's to go online a week after Steve and MS start fighting

has bogus/ridiculous/fake Registrant, Administrative, Technical, & Billing WHOIS information

We are all part of a team, the team can work together to ensure:

spoofed packets don't leave a team-member's network

OS's that allow easy IP spoofing are changed to make it difficult to spoof by implementing access controls a la WinNT/Unix/Linux. Evidently WinXP consumer edition has ZERO-DESIRE to be a team-player like its Win95/98/NT cousins.

FYI, Steve Gibson has posted his latest explanation of the WinXP Raw Sockets Vulnerability here from whence the concern of "WinXP boxes and ... their [spoofed] IP addresses" evidently first originated.

Steve & Co. also provide two "quick 'n dirty" FREE programs to download to:

test your access to "raw sockets" (all Win OS)

secure NON-SYSTEM "raw sockets" access (Win2K & WinXP) to see that Win2K & WinXP continue to function just fine

The funny part is that Steve Gibson now uses Microsoft's own MSDN Technical Documentation against Microsoft. Steve provides quotes from the Microsoft MSDN websites and links to the original Microsoft Technical Documentation

As of 8/13/01 @ 0801 PST, all the links to the Microsoft Technical Documentation PROVING (?) Steve Gibson's points were fully functional.

BTW, for a "nail biting" (grin - soon to be a motion picture - grin) tale of one man's experience with a Distributed Denial of Service attack read both here and SlashDot commentary to learn where Steve's fear of WinXP Raw Sockets originates (i.e. WinXP zombies doing DDOS with the easy to spoof WinXP box IP addresses due to desktop Joe/Jane-consumer user always being "root")

Evidently, Steve Gibson can now quote chapter and verse back to Microsoft and ask Microsoft "Why are you [microsoft] now contradicting yourself."

BTW, there is now an "astroturf" (?) website devoted to debunking Steve Gibson here although all the DNS details seem bogus ("How convenient for the astroturf PR agency!!!" says the Church lady)

FYI, Steve Gibson has posted his latest explanation of the WinXP Raw Sockets Vulnerability here from whence the concern of "WinXP boxes and ... their [spoofed] IP addresses" evidently first originated.

Steve & Co. also provide two "quick 'n dirty" FREE programs to download to:

test your access to "raw sockets" (all Win OS)

secure NON-SYSTEM "raw sockets" access (Win2K & WinXP) to see that Win2K & WinXP continue to function just fine

The funny part is that Steve Gibson now uses Microsoft's own MSDN Technical Documentation against Microsoft. Steve provides quotes from the Microsoft MSDN websites and links to the original Microsoft Technical Documentation

As of 8/13/01 @ 0801 PST, all the links to the Microsoft Technical Documentation PROVING (?) Steve Gibson's points were fully functional.

BTW, for a "nail biting" (grin - soon to be a motion picture - grin) tale of one man's experience with a Distributed Denial of Service attack read both here and SlashDot commentary to learn where Steve's fear of WinXP Raw Sockets originates (i.e. WinXP zombies doing DDOS with the easy to spoof WinXP box IP addresses due to desktop Joe/Jane-consumer user always being "root")

Funny thing now is that Steve Gibson can now quote chapter and verse back to Microsoft and ask Microsoft "Why are you [microsoft] now contradicting yourself."

BTW, there is now an "astroturf" (?) website devoted to debunking Steve Gibson here although all the DNS details seem bogus ("How convenient for the astroturf PR agency!!!" says the Church lady)