TCP/MS, We'll Cure What Ails You
Cringely can string some words together from time to time, and this week's installment is a pretty good one. He's been reading a little too much Gibson (raw sockets have nothing to do with the spread of MSTD [?] 's), but overall, he's probably right. When the time is ripe, I think we'll see a move exactly like this.
Gibson constantly plugs Zone Alarm, so it's not surprising that people who don't read carefully would think that Zone Alarm is a GRC product, not a Zone Labs product.
If Gibson wrote Zone Alarm, it'd look as ugly as hell, have lots of BIG and alternating fonts, but be less than 300k in size, written in ASM, and fast as hell.
I didn't know Steve Gibson wrote Zone Alarm. When did this happen? What happened to Zone Labs?!
Yeah, right.
If these attacks used spoofed IP packets, there would be no easy defense.
Except if every damn net admin would WAKE UP and SMELL THE COFFEE and IMPLEMENT EGRESS FILTERING or SOURCE ROUTE VERIFICATION or whatever your router calls it.
If you have a router built within the last 5 years, I can pretty much guarantee you it supports it. So turn it on already!
If every border router on the internet used it, we could stamp out IP address spoofing overnight. No magic about it. All the border router has to do is check that the source address of the packet is within the range of addresses that it 'owns'. If it isn't, drop it, and log the MAC address so that it can be traced.
Easy, huh? Any router worth its salt can do it, so...
Please!?!? What does it take to convince you?
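The check the comment above describes (forward only packets whose source address lies in a prefix the site owns, drop and log the rest) is what RFC 2827 / BCP 38 calls ingress filtering and what Cisco ships as unicast RPF. Here it is as a small added example in Python, written for this page and not taken from the commenter, Cringely, or any router vendor. The owned prefixes, MAC addresses, and packets are constructed sample data; the `Packet` class and the function names are assumptions made for the illustration.

```python
"""Border-router source-address validation (BCP 38 style), as an added example.

A packet leaving the site is forwarded only if its source IP falls inside one
of the prefixes the site owns. Anything else is a spoofed source: drop it and
log the Ethernet source MAC so the offending host can be traced. All prefixes,
MACs and packets below are constructed sample data, not captured traffic.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_mac: str   # Ethernet source seen on the router's inside interface
    src_ip: str    # IP source address the packet claims
    dst_ip: str


# Constructed: the address blocks this (hypothetical) site is allocated.
OWNED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),   # .0 - .127 only
]


def source_is_owned(src_ip, owned=OWNED_PREFIXES):
    """True if src_ip lies inside any owned prefix.

    An IPv6 source against IPv4 prefixes (or vice versa) is simply not owned;
    ipaddress returns False for a version mismatch rather than raising.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in owned)


def egress_filter(packets, owned=OWNED_PREFIXES):
    """Apply the check to a batch of outbound packets.

    Returns (forwarded, dropped_log). Each dropped entry is
    (src_mac, src_ip, dst_ip): the MAC is what lets the admin walk the
    switch tables back to the spoofing host.
    """
    forwarded, dropped_log = [], []
    for p in packets:
        if source_is_owned(p.src_ip, owned):
            forwarded.append(p)
        else:
            dropped_log.append((p.src_mac, p.src_ip, p.dst_ip))
    return forwarded, dropped_log


def spoofing_hosts(dropped_log):
    """Count dropped packets per source MAC: the trace the comment asks for."""
    return dict(Counter(mac for mac, _, _ in dropped_log))


# Constructed sample traffic leaving the site.
SAMPLE_PACKETS = [
    Packet("00:11:22:33:44:01", "192.0.2.10", "203.0.113.9"),      # legitimate
    Packet("00:11:22:33:44:02", "203.0.113.5", "203.0.113.9"),     # spoofed
    Packet("00:11:22:33:44:03", "198.51.100.200", "203.0.113.9"),  # outside /25
    Packet("00:11:22:33:44:04", "198.51.100.7", "203.0.113.9"),    # legitimate
    Packet("00:11:22:33:44:02", "2001:db8::1", "203.0.113.9"),     # no v6 owned
]


if __name__ == "__main__":
    fwd, dropped = egress_filter(SAMPLE_PACKETS)
    print(f"forwarded {len(fwd)}, dropped {len(dropped)}")
    for mac, src, dst in dropped:
        print(f"DROP spoofed src={src} dst={dst} from MAC {mac}")
    print("per-MAC offenders:", spoofing_hosts(dropped))
```

The one caveat a practitioner would add before turning this on at a real border: the owned list must contain every prefix that legitimately originates traffic behind that interface, including downstream customers and any transit you carry, otherwise the strict check silently drops good traffic. Routers with asymmetric or multi-homed paths typically offer a loose mode (source merely routable, not necessarily via the inbound interface) for exactly that reason.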