Slashdot Mirror


User: locofungus

locofungus's activity in the archive.

Stories · 0

Comments · 988

  1. Re:Why portscanning must be illegal. on Law Review Article Says Port Scanning Illegal · · Score: 1

    >If I put a server on the 'net, I don't expect it to be broken into. Nor do I expect my car in a public parking lot to be. However, I do expect that if I park my car in a public parking lot, someone may *look* at it. Oh no! You looked at my car! You *must* be trying to break in. What other reason could you possibly have for looking at my car?

    To take this analogy one step further, at least in the UK and I expect elsewhere as well, if you leave your car with the engine going and someone steals it, the insurance companies won't pay out.

    Leaving a port open that shouldn't be left open is the equivalent of leaving a car with the engine running. Portscanning is the equivalent of walking down the road seeing which cars have been left with their engines running.

    The only difference is that car thieves who rely on cars being left with their engines running are unlikely to find many opportunities (at least in the UK) but portscanning to look for vulnerable hosts is still very productive. And once you have compromised one host you can then use it to attack others.

    This would be akin to using the car you have just stolen to cruise the neighbourhood looking for other opportunities. Reporting the licence plate (IP address) of the "suspicious" car (port scan) will result in some innocent person receiving a visit from the law.

    Tim.

  2. Re:Why portscanning must be illegal. on Law Review Article Says Port Scanning Illegal · · Score: 1

    I don't know portsentry but either it doesn't respond to the first packet of a TCP connect or you are leaving yourself open to someone DOSing you.

    Tim
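
The trade-off raised in the comment above, as an added example that is not part of the original post and is not PortSentry's code: two hypothetical auto-blocking policies run over a constructed packet trace. The port set, function names and addresses (documentation ranges) are assumptions made for the illustration, and the handshake check is simplified (no sequence-number validation).

```python
# Added illustration; not PortSentry code. Packets are constructed tuples of
# (claimed_src_ip, dst_port, tcp_flag). The source address of a lone SYN is
# unverified: its sender never has to receive the SYN-ACK.
MONITORED_PORTS = {23, 111, 143}  # hypothetical decoy ports

def block_on_first_syn(packets):
    """Policy A: block the claimed source as soon as a SYN hits a decoy port."""
    return {src for src, port, flag in packets
            if flag == "SYN" and port in MONITORED_PORTS}

def block_after_handshake(packets):
    """Policy B: block only sources that completed the three-way handshake.
    The final ACK shows the sender received our SYN-ACK at that address."""
    pending, blocked = set(), set()
    for src, port, flag in packets:
        if port not in MONITORED_PORTS:
            continue
        if flag == "SYN":
            pending.add((src, port))
        elif flag == "ACK" and (src, port) in pending:
            pending.discard((src, port))
            blocked.add(src)
    return blocked

def wrongly_blocked(packets):
    """Addresses policy A blocks although nothing proved they sent the packet."""
    return block_on_first_syn(packets) - block_after_handshake(packets)

# Constructed trace.
TRACE = [
    ("198.51.100.7", 23, "SYN"), ("198.51.100.7", 23, "ACK"),  # real connect
    ("192.0.2.53", 111, "SYN"),  # lone SYN, no ACK ever follows
    ("192.0.2.1", 143, "SYN"),   # lone SYN, no ACK ever follows
    ("203.0.113.9", 80, "SYN"), ("203.0.113.9", 80, "ACK"),    # not a decoy port
]

if __name__ == "__main__":
    print("policy A blocks:", sorted(block_on_first_syn(TRACE)))
    print("policy B blocks:", sorted(block_after_handshake(TRACE)))
    print("blocked on unverified packets:", sorted(wrongly_blocked(TRACE)))
```

Policy B avoids blocking on unverifiable addresses, at the cost of not reacting to scans that never complete the handshake.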

  3. Re:Questions..... on Law Review Article Says Port Scanning Illegal · · Score: 1

    >>What about 50 TCP requests to a computer to 50 different ports in one second?

    >This is gray, but it's a pretty dark shade of gray. Note that in general speed is less of an issue than spread

    And what if some /.er decides to post a link to www.myrandomscan.com that generates a page that includes 200 "images" to be retrieved from some random IP on random ports? Who is doing the scanning? In fact, if the page is well designed and hosted in an appropriate country you could probably get the person who clicked on the link under 3 or 4 laws at once :-)

    (It's a change on goatse.cx anyway :-)

    Tim.

  4. Re:fiber optics? Try COMPOSITE FIBERS! on The Fiber Age Meets The Power Grid · · Score: 1

    It's over 10 years since I did this and E-M was never my strong point but ISTR that at 50Hz (Yup I know the US uses 60) the useful current was carried in a skin of about 1cm. Therefore, I would suspect that the principal problem is cross-section to wind.

  5. Re:Winblows implementation of sockets saved him? on Post-mortem of a DOS Attack · · Score: 1

    I would expect winpcap to be very difficult to install remotely. And it requires a reboot.

    Also when I was using it with ADSL before linux drivers were available for the USB modem we get in the UK windows was very very ... very fussy about what order the interface drivers and winpcap were installed in. Uninstalling and reinstalling tcp-ip was sufficient to render the machine unbootable.

    Fortunately, I kept a low level snapshot of the windows partition so I just booted into linux, zcat windows-is-screwed.gz | dd of=/dev/hda1 and all was well again :-)

  6. Re:Security through Vapor? on Security Through Varying IPs · · Score: 1

    You need to learn about exponentials.

    Let's assume there are 4 billion people (2^32) each wanting to run 4 billion apps (2^32) each requiring 4 billion IPs (2^32).

    Total IP consumption 2^96. So we can grow by a factor of 4 billion (2^32) before we need to worry.

    2^128 is Big, Really Big. In fact you don't want to know quite how big it is.

    So long, And thanks for all the fish.

    Tim.

  7. Re:Threatening? on Scientology Critic Flees U.S. Over Usenet Posts, Pickets · · Score: 1

    I should have made it clear that this is a true story rather than a play.

    Tim.

  8. Re:Threatening? on Scientology Critic Flees U.S. Over Usenet Posts, Pickets · · Score: 2

    But what would happen if I dialed a number, got the engaged tone and then said,

    "You're on that *** phone again. I'm going to have to cut your tongue out."

    I can see how someone who overheard the comment could complain about the language (Substitute suitable words for ***) but I can't really see how a court could consider this to be a threat unless you repeat it to the person it was intended for.

    On the radio (BBCR4) on Saturday there was a couple who had returned home to discover that the cat was walking round with the budgie in its mouth.

    The woman screamed and then the husband shouted "You bloody cat. I'm going to kill you."

    The neighbour rushed around expecting (hoping?) to stop a murder but all was well in the end.

    Tim.

  9. Threatening? on Scientology Critic Flees U.S. Over Usenet Posts, Pickets · · Score: 3

    Have I got this right? Can you really be prosecuted for threatening someone even if they couldn't have been threatened by it? It will be thought police next.

    In 2001, when the thought police come Knocking at your door. Think? "I'm Out".

    Tim.

  10. Re:2 patents issues May 8, 2001 on Gracenote Sues Roxio Over Switch to Free Song Database · · Score: 1

    IANAPL but I have had patent lawyers _attempt_ to explain this to me. I could have got it completely wrong :-)

    (This is changing/might have changed)
    In the US a patent application cannot be challenged by a third party until it is granted. The patent office itself can reject the application etc.

    Once the patent is granted it is then fair game for challenge _BUT_ the courts will assume that the patent is fair and valid unless the challenger proves otherwise.

    Here in the UK interested parties can object to the patent office about a patent before it is granted. I have no idea quite what happens if someone does challenge.

  11. Re:A whacky idea -- More Like Bad Idea on Approaching Lost Clients About Security? · · Score: 1

    How about you list, say, all the vulnerabilities that M$ has reported and patched over the last 12 months regardless of whether they are vulnerable and maybe some reports of CGI/ASP programmes that don't check and validate user input before sending it off to the database?

    Don't explicitly mention any vulnerability they have but try to cover them indirectly.

  12. Re:Self-expressive code on Report From The 2600 Appeal Hearing · · Score: 1

    >void strcpy(char *dest, char *src) {
    >    while(*dest++ = *src++);  /* copies up to and including the terminating NUL */
    >}
    >
    >My comp sci teacher would definitely prefer that I write code like this:
    >
    >void strcpy(char *dest, char *src) {
    >    int length = strlen(src);
    >    int i;  /* declared outside the loop; still needed for the terminator below */
    >    for (i=0; i<length; i++) {
    >        dest[i] = src[i];
    >    }
    >    dest[i] = '\0';
    >}
    >
    >Both pieces of code do the same thing (unless I screwed up). The second piece of code is probably (definitely for a beginning programmer) easier to understand. However, I find the first one aesthetically pleasing. It's succinct, and it makes me feel smart when I write it, since it's not so transparent. Furthermore, unless the compiler is really good at optimization, it's going to be faster.

    Actually I think the first is easier to understand. OK it might look cryptic to a non C programmer but it is the absolutely bog standard way of doing this.

    Compare this with the "Reg. v Jones 1846 III 3 i P2" or whatever it is crap that the Lawyers use for their references. I wouldn't know how to look up one of these references let alone understand the "language" the reference is written in.

  13. Re:Maybe there's another explanation? on Web Site Monitoring Services? · · Score: 1
    I haven't seen any DNS problems until today but I have noticed others complaining. I run my own DNS servers at home that forward to various ISPs and finally fall back to the root servers so I expect I am fairly immune to localized problems.

    But today I have been unable to resolve opensource.org either from home or from work.

    I wonder how many of these problems are as a result of these canned 'sploits against bind. I see 5-10 port 53 probes a day against my home network. (In general I think these no-brains attacks are getting much more common. Sunday saw a Windows unicode attack against my apache server :-)

    We might see even more fun with this latest ipfilter problem. People who previously thought they were safe because their nameservers wouldn't respond to external queries due to firewall rules might find themselves suddenly vulnerable again. A fragmentation attack against IP Filter