Security Incidents mailing list archives
Re: Malicious use of grc.com
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Tue, 27 Nov 2001 23:32:10 -0500
On Tue, Nov 27, 2001 at 12:46:09AM -0700, Blake McNeill wrote:
Reading Steve Gibson (or someone claiming to be Steve Gibson at least) response to questions concerning this on http://www.dslreports.com/forum/remark,1859774~root=security,1~mode=flat, he says and I quote, "In other words, it is COMPLETELY IMPOSSIBLE to use the ShieldsUP system to launch any sort of denial of service attack against anyone. It's simply not true." Interesting...
Were you purposefully chopping out the relevant information in your quote in order to make Mr. Gibson look bad? If not, then I misunderstood you, but the above sort of comes off as sarcastic. At any rate, I'm glad I bothered to read the post at the URL you mentioned, and I hope other people will as well. The important points that Steve (and let's just assume it's him, shall we?) makes is that his software, on the server side, limits: (a) bandwidth of the scanning to 400 bytes/sec (b) the number of requests aimed at a given IP run at the same time to one This rules out even the remote possibility of a DoS. He also points out that this has been a known, and publicly stated, issue since 10/28/99. You can complain about how long change has been in coming, if you like, but that hardly seems to be content relevant to the incidents mailing list. It's still true that you can scan a host other than your own... *ten* *ports* on that other host. Why waste the time? Go find yourself a public area lab on a university campus or any of the insanely many insecure 802.11B networks in any major city and scan from there... you'll get the same (if not better) anonymity. -- ~ g r @ eclipsed.net
Attachment:
_bin
Description:
Current thread:
- Malicious use of grc.com Magni (Nov 26)
- Re: Malicious use of grc.com Blake McNeill (Nov 27)
- Re: Malicious use of grc.com gabriel rosenkoetter (Nov 28)
- Re: Malicious use of grc.com Blake McNeill (Nov 27)