Snort mailing list archives
RE: GRC.com attack and TCP stacks
From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Mon, 25 Jun 2001 12:32:32 +0100
I have to say, the grc.com article was more than a little alarmist. Raw sockets aren't the problem - the abuse of such a facility is a symptom of a larger problem, that of ISPs not doing egress checking. A lot of ASIC-based router (vendors) don't provide an easy way to do this, but they all provide ACLs, which should be implemented at their edge connections. ISPs using Ciscos have no excuse at all. The future would be a lot rosier if these kinds of things started to come turned on by default...

And yes, I'm well aware of the problems running with RPF checking in a multi-routed core - but I'm talking about the *edge*.

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+

-----Original Message-----
From: Benjamin Krueger [mailto:roo () ufies org]
Sent: 24 June 2001 03:06
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] GRC.com attack and TCP stacks

The big deal is that 2k does, and more importantly, XP will, have support for raw sockets (enabling spoofing) by default. Millions of shiny new end user XP machines on cable and dsl that let a trojan bot spoof with their default stack. This is the future kids...

Benjamin Krueger
Rogue Unix Weenie

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- GRC.com attack and TCP stacks Galitz (Jun 22)
- Re: GRC.com attack and TCP stacks Edwin Chiu (Jun 22)
- Re: GRC.com attack and TCP stacks Benjamin Krueger (Jun 23)
- Re: GRC.com attack and TCP stacks Matt Watchinski (Jun 24)
- Re: GRC.com attack and TCP stacks Jason Robertson (Jun 24)
- Re: GRC.com attack and TCP stacks Benjamin Krueger (Jun 23)
- <Possible follow-ups>
- RE: GRC.com attack and TCP stacks Mayers, Philip J (Jun 25)
- Re: GRC.com attack and TCP stacks Edwin Chiu (Jun 22)