Interesting People mailing list archives

IP: 2 on Cringely on TCP/IP


From: David Farber <dave () farber net>
Date: Thu, 02 Aug 2001 19:22:06 -0400



Date: Thu, 2 Aug 2001 16:07:28 -0700 (PDT)
From: Karl Auerbach <karl () cavebear com>
Reply-To: Karl Auerbach <karl () cavebear com>
To: David Farber <dave () farber net>
Subject: Re: IP: Cringely on TCP/IP


The Death of TCP/IP
Why the Age of Internet Innocence is Over
By Robert X. Cringely

That article is flawed.

One has always been able to generate bogus packets from Windows machines -
it has always been a "small matter of programming" to reach down to the
hardware, the device driver, one of its abstractions (such as "NDIS") and
do things directly.

And with physical access to a computer one can always simply reboot the
machine from a new disk or CD and simply avoid all operating system
limitations altogether.

For instance, for several years I have had some network troubleshooting
code that simply bypasses the Windows TCP stack and uses its own protocol
stack to handle its own IP, ICMP, UDP, and even ARP packets using whatever
address has been configured for the troubleshooting software, ignoring
the one that has been programmed into Windows.

(Troubleshooting tools, like surgical scalpels, need to be sharp to be
useful. So I did embed many protections into the software, such as
internal passwords and user interface impediments, to avoid accidental
misuse of strong features. But like a scalpel, network troubleshooting
software can be dangerous if handled incompetently or with an intent to
cause harm.)

Protection against IP address spoofing - which is what this is - really
requires that there be filters in the net's routing infrastructure to
block the propagation of packets bearing addresses that are coming from
places where they shouldn't be coming from. That's a relatively easy
thing to be done near the edges of the Internet - and many consider it
rather important for companies, schools, and edge-ISPs to install such
filters. But it is very hard to do such filtering in the core for reasons not
only of avoiding the per-packet overhead but also because it is very hard
to know in the core when a packet is coming from an improper place.

--karl--
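
[Added example, not part of the original message or thread: a small Python model of the edge source-address filtering described above. The port names, prefixes and packets are constructed for illustration; a link with no assigned prefix list (here "core-1") stands for the core case where the router cannot tell whether a source is improper.]

```python
import ipaddress
from collections import Counter

# Constructed topology (documentation prefixes): the prefixes assigned
# behind each customer-facing port of a hypothetical edge router.
EDGE_PORTS = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

def build_acl(ports):
    """Parse the per-port prefix lists once, up front."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in ports.items()}

def verdict(acl, port, src):
    """Classify a packet by the port it arrived on and its source address."""
    nets = acl.get(port)
    if nets is None:
        # A core/transit link: any source may legitimately arrive here,
        # so there is no prefix list to check against.
        return "unknown"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # malformed source address
    return "permit" if any(addr in net for net in nets) else "drop"

def filter_packets(acl, packets):
    """Return (forwarded packets, per-port drop counts)."""
    forwarded, drops = [], Counter()
    for port, src, dst in packets:
        if verdict(acl, port, src) == "drop":
            drops[port] += 1
        else:
            forwarded.append((port, src, dst))
    return forwarded, drops

# Constructed sample traffic: (ingress port, source, destination).
SAMPLE = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),    # own address: forwarded
    ("cust-a", "198.51.100.7", "203.0.113.5"),  # cust-b's address: spoofed
    ("cust-b", "198.51.100.7", "203.0.113.5"),  # own address: forwarded
    ("cust-b", "10.1.2.3", "203.0.113.5"),      # not assigned here: spoofed
    ("core-1", "198.51.100.7", "203.0.113.5"),  # core link: cannot judge
]

if __name__ == "__main__":
    acl = build_acl(EDGE_PORTS)
    forwarded, drops = filter_packets(acl, SAMPLE)
    print(len(forwarded), "forwarded; drops per port:", dict(drops))
```
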
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: farber () cis upenn edu
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie () TransSys COM>
Subject: Re: IP: Cringely on TCP/IP
Date: Thu, 02 Aug 2001 19:08:02 -0400
Sender: louie () whizzo transsys com


Stupid users are not new with the advent of the public Internet and
TCP/IP protocols; it might just be there are many more places you
can find them. People have been running afoul of "active content"
and trojan horses for decades. We've just provided a much more
comfortable medium for them lately.

Remember oh these many years ago, the world of RSCS and BITNET on
IBM systems? Remember the REXX "viruses" which people used to mail
around which would send copies of themselves to everyone else in
your email address notebook? All you need is content which is
some sort of executable code, and a mail user-agent that allows
execution of it, and, well, here we are.

I don't know what caused this REXX "virus" attack on IBM systems to
no longer be a problem; probably a combination of user education and
fiddling with the underlying email user agents.

Louis Mamakos



For archives see: http://www.interesting-people.org/

