Vulnerability Development mailing list archives

Re: Followup: Zone Alarm and Akamai -- not either one. (blush).


From: Masial <masial () SECURED ORG>
Date: Tue, 17 Oct 2000 13:07:46 -0400

Hi there,

I've been reading your (lengthy) post all the way but I'm still somewhat
puzzled as to what exactly is the point of it? You have some arguments but
not really organised in an argumentative way, this leaves me into
confusionland.

From your summary, I am going to assume you want us to realise that UDP
probes and DNS spoofing 'from your ISP' can cause harm on your system.
Having read everything else in your post, I fail to see conclusive evidence
that trouble on your computer was related in ANY way to the two 'attacks'
mentioned. Maybe you could come up with a little more on that.

The other cloud is your statement about the concerned system hosting a
hostile process. Maybe I am very stupid here (someone help me please) but
how can a DNS spoof be the cause/effect of my computer having a hostile
process? Or how can it be an 'Intrusion Attempt' (as AdvICE describes it) in
itself?

I think that, indeed, UDP probes and DNS spoofing from your ISP or anyone
else should be ignored unless you suspect that they are part of a greater
attack process (that's rarely the case if it's from your ISP). Most likely,
like AdvICE says, the packets were for the last person using your IP. Now,
if those packets break your machine, you have some serious issues with your
OS!


M.


-----Original Message-----
From: j nickson
Sent: Monday, October 16, 2000 3:40 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Followup: Zone Alarm and Akamai -- not either one. (blush).

Followup:  Zone Alarm and Akamai.

    Well, this is too long, but it may help someone.

Summary:

UDP probes and DNS spoofing from your ISP are generally
recommended to be ignored by various authorities such as the
Black Ice advice area.

This advice may be misleading in some circumstances.

Probably this is generally good advice for the first minute or
two at most, but in the following situation it is more likely
that the system concerned was hosting some hostile process.


