GRC.com attack and TCP stacks

[Galitz <galitz () uclink berkeley edu>]

> > I was just reading this article about how Gibson Research
> > was knocked off the net ( http://grc.com/dos/grcdos.htm ).
> > Near the end of the article was a section on detecting these
> > bots.  As a new snort user, I can probably RTM and create
> > some rules that create an alert for ports 6667 and 113,
> > but how do I test it?  -George

So, I read the above URL, but I am curious.  Steve
states:


    Microsoft's engineers never fully implemented the complete
    "Unix Sockets" specification in any of the previous version
    of Windows. 

And goes to say that a MS Windows pre-2000 or XP box cannot
generate spoofed packets without the attacker (or security 
auditor) using special device drivers.

My question is... what the heck is he talking about?  Is
this true?  Is it not possible to generate spoofed traffic
on an NT box using only the OS and no new drivers to be
installed?  What missing functionality is being alluded
to here?

-geoff


-----------------------------------------------------------------------
Geoff Galitz                     |  "Beer is proof that God loves us."
Research Computing, UC Berkeley  |     Theodore Roosevelt
galitz () uclink berkeley edu       |
-----------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users