TCP/MS, We'll Cure What Ails You
Cringely can string some words together from time to time, and this week's installment is a pretty good one. He's been reading a little too much Gibson (raw sockets have nothing to do with the spread of MSTD [?] 's), but overall, he's probably right. When the time is ripe, I think we'll see a move exactly like this.
There seems to be a lot of confusion about this.
Raw Sockets allow someone to send forged IP packets (spoofing) that appear to come from any IP address the sender chooses.
This makes filtering a DoS attack harder, because you can no longer filter the traffic by IP or domain.
So, right now the limited defense in the DDoS zombie attacks from Windoze is the fact that the IP packets have valid source addresses. These can be filtered at backbone or ISP provider routers.
If these attacks used spoofed IP packets, there would be no easy defense.
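As an added illustration, not part of the thread above, of the two filtering points in this comment: a reactive source-IP blocklist, which a forged source address evades, beside a BCP 38-style ingress check at the customer edge, which catches it. The interface names, prefixes and packets are constructed for the example.

```python
import ipaddress

# Constructed topology: each ISP customer-facing interface and the address
# block legitimately assigned to the customer behind it.
CUSTOMER_PREFIXES = {
    "cust-a": ipaddress.ip_network("198.51.100.0/24"),
    "cust-b": ipaddress.ip_network("203.0.113.0/24"),
}

# Constructed traffic sample towards one victim: (ingress interface, source IP).
# cust-a hosts a compromised machine (.7); two of its packets carry its real
# address, one carries a forged source from an unrelated block.
PACKETS = [
    ("cust-a", "198.51.100.7"),
    ("cust-a", "198.51.100.7"),
    ("cust-a", "192.0.2.55"),   # forged source address
    ("cust-b", "203.0.113.9"),
]

def ingress_ok(iface, src):
    """BCP 38 ingress rule: a packet entering on a customer interface must
    carry a source address inside that customer's own prefix."""
    prefix = CUSTOMER_PREFIXES.get(iface)
    return prefix is not None and ipaddress.ip_address(src) in prefix

def blocklist_ok(src, blocklist):
    """Reactive source-IP filter: the defense the comment above relies on."""
    return src not in blocklist

def forward(packets, blocklist, enforce_ingress):
    """Return the source IPs that still reach the victim under a given policy."""
    delivered = []
    for iface, src in packets:
        if enforce_ingress and not ingress_ok(iface, src):
            continue
        if not blocklist_ok(src, blocklist):
            continue
        delivered.append(src)
    return delivered

if __name__ == "__main__":
    zombie_block = {"198.51.100.7"}
    # Blocklist alone: the forged packet slips through.
    print(forward(PACKETS, zombie_block, enforce_ingress=False))
    # Ingress filtering at the customer edge drops it before it matters.
    print(forward(PACKETS, zombie_block, enforce_ingress=True))
```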
Is it just me or does none of the stuff he suggests need to be invented? He talks about an "Internet ID", a voluntary system where people can identify who sent the message. Um, it's called PGP - sign your messages.
He wants a way for ports to be "registered" and only opened for certain things. Why not use a firewall, or just get Zone Alarm?
Also, what's the big deal about raw sockets? They obviously aren't needed to spread viruses as SirCam, ILoveYou, etc. have shown us.