Snort mailing list archives
GRC.com attack and TCP stacks
From: Galitz <galitz () uclink berkeley edu>
Date: Fri, 22 Jun 2001 17:44:32 -0700
I was just reading this article about how Gibson Research was knocked off the net ( http://grc.com/dos/grcdos.htm ). Near the end of the article was a section on detecting these bots. As a new snort user, I can probably RTM and create some rules that create an alert for ports 6667 and 113, but how do I test it?

-George
So, I read the above URL, but I am curious. Steve states:

"Microsoft's engineers never fully implemented the complete "Unix Sockets" specification in any of the previous versions of Windows."

And goes on to say that a MS Windows pre-2000 or XP box cannot generate spoofed packets without the attacker (or security auditor) using special device drivers.

My question is... what the heck is he talking about? Is this true? Is it not possible to generate spoofed traffic on an NT box using only the OS and no new drivers to be installed? What missing functionality is being alluded to here?

-geoff

-----------------------------------------------------------------------
Geoff Galitz                    | "Beer is proof that God loves us."
Research Computing, UC Berkeley |     Theodore Roosevelt
galitz () uclink berkeley edu   |
-----------------------------------------------------------------------