Vulnerability Development mailing list archives
Re: Followup: Zone Alarm and Akamai -- not either one. (blush).
From: Masial <masial () SECURED ORG>
Date: Tue, 17 Oct 2000 13:07:46 -0400
Hi there, I've been reading your (lenghty) post all the way but im still somewhat puzzled as to what exactly is the point of it? You have some arguments but not really organised in an argumentative way, this leaves me into confusionland.
From your summary, i am going to assume you want us to realise that UDP
probes and DNS spoofing 'from your ISP' can cause harm on your system. Having read everything else in your post, i fail to see conclusive evidence that trouble on your computer was related in ANY way to the two 'attacks' mentioned. Maybe you could come up with a little more on that. The other cloud is your statement about the concerned system hosting a hostile process. Maybe I am very stupid here (someone help me please) but how can a DNS spoof be the cause/effect of my computer having a hostile process? Or how can it be an 'Intrusion Attempt' (as AdvICE describes it) in itself? I think that, indeed, udp probes and dns spoofing from your ISP or anyone else should be ignored unless you suspect that they are part of a greater attack process (thats rarely the case if its from your ISP). Most likely, like AvdICE says, the packets were for the last person using your IP. Now, if those packets break your machine, you have some serious issues with your OS! M.
-----Original Message----- From: j nickson Sent: Monday, October 16, 2000 3:40 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Followup: Zone Alarm and Akamai -- not either one. (blush). Followup: Zone Alarm and Akamai. Well, this is too long, but it may help someone. Summary: UDP probes and DNS spoofing from your ISP are generally recommended to be ignored by various authorities such as the Black Ice advice area. This advice may be misleading in some circumstances. Probably this is generally good advice for the first minute or two at most, but in the following situation it is more likely that the system concerned was hosting some hostile process.
Current thread:
- Followup: Zone Alarm and Akamai -- not either one. (blush). j nickson (Oct 16)
- Re: Followup: Zone Alarm and Akamai -- not either one. (blush). Joe (Oct 19)
- Re: Followup: Zone Alarm and Akamai -- not either one. (blush). Masial (Oct 24)