RE: DoS, possibly spoofed IP Addresses

["mahmut korkmaz" <mahmutkorkmaz () hotmail com>]

Guys,

cool down....

our discussion is not about grc.com or any comments about this site.

we are talking about "how to chase spoofed IP in the dark"

Here are a few sites, i come accross during my search,


http://www.csm.ornl.gov/~dunigan/oci/bktrk.html

http://www.cisco.com/warp/public/707/22.html

I thank every one of you for your contribution.

Thanks

-M




----Original Message Follows----
From: "Snow, Corey" <CSNOW () ddpwa com>
To: "'Jupp, Peter'" <JuppP () ottawapolice ca>,   "'mahmut korkmaz'"  
<mahmutkorkmaz () hotmail com>,   incidents () securityfocus com
Subject: RE: DoS, possibly spoofed IP Addresses
Date: Wed, 3 Apr 2002 10:39:34 -0800
MIME-Version: 1.0
Received: from [12.104.66.98] by hotmail.com (3.2) with ESMTP id 
MHotMailBE74976C0052400431CF0C684262EBD70; Wed, 03 Apr 2002 10:39:40 -0800
Received: from thumper.deltadentalwa.org (root@localhost)by 
thumper.deltadentalwa.org with ESMTP id g33IdZA03824;Wed, 3 Apr 2002 
10:39:35 -0800 (PST)
> From CSNOW () ddpwa com Wed, 03 Apr 2002 10:40:51 -0800
Message-ID: <200204031839.g33IdZa03820 () thumper deltadentalwa org>
X-Mailer: Internet Mail Service (5.5.2653.19)
X-H-S-Loop-Check-Ejzfr:

Steve Gibson's position on a number of issues, most notably the XP/raw
sockets issue, is not one that is shared by a majority (vast majority) of
security professionals.

Steve Gibson's research on the use of raw sockets is, to say the least,
flawed (IMO). Also, Mr. Gibson engages in no small amount of FUD in his
site, which is less informative than it is inflammatory, again IMO.

I would *highly* recommend a search of the archives of this list, Bugtraq,
and the security-basics list for more information on Steve Gibson and
GRC.com before you take anything he says on his website at http://grc.com as
being useful and/or valuable.

I am not attacking Steve Gibson personally here; in my opinion he's probably
a nice guy. But his actions have done more to harm information security than
improve it. As the site grcsucks.com says, Mr. Gibson is not a scam(er), but
his motivations are worth questioning, as are his methods.

Also, see some of these URLs for counters to Steve Gibson's statements on a
number of issues:

http://grcsucks.com
http://www.theregister.co.uk/content/55/24189.html
http://staff.washington.edu/dittrich/misc/ddos/grc-reply.txt


I don't speak for my employer.

Corey Snow


> -----Original Message-----
> From: Jupp, Peter [mailto:JuppP () ottawapolice ca]
> Sent: Wednesday, April 03, 2002 6:56 AM
> To: 'mahmut korkmaz'; incidents () securityfocus com
> Subject: RE: DoS, possibly spoofed IP Addresses
>
>
> Hi Murat,
> The best reading I've done about DoS attacks was courtesy of
> Steve Gibson, look here http://grc.com/dos/grcdos.htm , of
> particular interest elsewhere on Mr Gibson's site is the
> information about Windows XP raw sockets, which deliver IP
> spoofing capability to the masses.
> Good Luck,
> Peter.
>

>

#########################################################
The information contained in this e-mail and subsequent attachments may be 
privileged,
confidential and protected from disclosure.  This transmission is intended 
for the sole
use of the individual and entity to whom it is addressed.  If you are not 
the intended
recipient, any dissemination, distribution or copying is strictly 
prohibited.  If you
think that you have received this message in error, please e-mail the sender 
at the above
e-mail address.
#########################################################


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com