http://grc.com/dos/grcdos.htm

Flaws in WinXP create a perfect environment for DoS attacks, according to the article, which is also a fascinating look into the world of the hacker attacker.

--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
Read the article and thought it was a compliance issue with the Unix Socket standard. Windows Me and lower were not 100% compliant with this standard, so no flooding with TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are capable of sending TCP SYN and TCP ACK attacks..........

"Fred A. Miller" wrote:
> Flaws in WinXP create a perfect environment for DoS attacks, according to article, which is also a fascinating look into the world of the hacker attacker.

--
Thanks in advance,
Stefan
--------------------------------------------------------------
Linux a world without borders, fences, windows and gates.....
Titanic98 "Which computer do you want to sink today????"
Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:

SB> Read the article and thought it was a compliance issue with the Unix Socket
SB> standard.
SB> Windows Me and lower were not 100% compliant with this standard, so no flooding
SB> with TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are capable
SB> of sending TCP SYN and TCP ACK attacks..........

Exactly - the quote was:

"When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."

<flamebait>
Surely positioning Linux as a consumer OS is going to cause exactly the same problem? Already, the worst DoS attacks come from unsecured Linux boxes with broadband connections. Surely this problem will get worse as consumer Linux usage increases.
</flamebait>

Discuss ;-)

Olly
Oliver Maunder wrote:
> Exactly - the quote [from Steve Gibson] was:
>
> "When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."
>
> <flamebait> Surely positioning Linux as a consumer OS is going to cause exactly the same problem? Already, the worst DoS attacks come from unsecured Linux boxes with broadband connections. Surely this problem will get worse as consumer Linux usage increases. </flamebait>
>
> Discuss ;-)

The problem really lies in the insecure nature of the TCP/IP protocols themselves and the way they allow spoofing. Eventually the cost of DDoS (Distributed Denial of Service) attacks will become so high that the infrastructure providers will be forced to modernize the protocols, since the cost of the damage will exceed the cost of the conversion.

Paul
This is why, as a year old penguin myself, I desperately need an interface that will help me understand how to make a secure firewall without A) leaving blatant holes waiting to be exploited, and/or B) implement rules that lock my network interface down so much I might as well unplug my RJ-45. Another thing this newbie would really appreciate is a realtime monitor that would give me information/alerts when something tries to send or receive when it wasn't initiated by me. Just a thought or two.

Cheers. Curtis

On Tuesday 05 June 2001 04:20 am, Oliver Maunder wrote:
> Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:
>
> SB> Read the article and thought it was a compliance issue with the Unix Socket
> SB> standard.
> SB> Windows Me and lower were not 100% compliant with this standard, so no flooding
> SB> with TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are capable
> SB> of sending TCP SYN and TCP ACK attacks..........
>
> Exactly - the quote was:
>
> "When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."
>
> <flamebait> Surely positioning Linux as a consumer OS is going to cause exactly the same problem? Already, the worst DoS attacks come from unsecured Linux boxes with broadband connections. Surely this problem will get worse as consumer Linux usage increases. </flamebait>
>
> Discuss ;-)
>
> Olly
My suggestions are:

1) use SuSEfirewall and be prepared to make changes. It is unlikely you will get everything perfect on the first try. Then get someone you trust to run nessus, satan, saint, or nmap on your system from outside the firewall and tell you what it finds.

2) use Portsentry as an inner defense and watchdog. It monitors the unused privileged ports and yells when someone tries to connect to them and routes their bits to the bitbucket. This is good for protecting you against holes in the firewall and the firewall being down for one reason or another.

3) Xlogmaster. It will display your logs and can execute user defined actions on detecting patterns in the logs. It can play sound files, execute scripts to e-mail your cellphone, etc.

4) Look at your logs, subscribe to suse-security and other security e-mail lists, and do daily backups.

HTH, Jeffrey

Quoting Curtis Rey <crrey@home.com>:
> This is why, as a year old penguin myself, I desperately need an interface that will help me understand how to make a secure firewall without A) leaving blatant holes waiting to be exploited, and/or B) implement rules that lock my network interface down so much I might as well unplug my RJ-45. Another thing this newbie would really appreciate is a realtime monitor that would give me information/alerts when something tries to send or receive when it wasn't initiated by me. Just a thought or two.
>
> Cheers. Curtis
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
Tuesday, June 05, 2001, 3:47:58 PM, Curtis Rey wrote:

CR> This is why, as a year old penguin myself, I desperately need an interface
CR> that will help me understand how to make a secure firewall without A) leaving
CR> blatant holes waiting to be exploited, and/or B) implement rules that lock my
CR> network interface down so much I might as well unplug my RJ-45. Another
CR> thing this newbie would really appreciate is a realtime monitor that would
CR> give me information/alerts when something tries to send or receive when it
CR> wasn't initiated by me. Just a thought or two.

Just what I'm after too (as a six-month old penguin :-) ).

I'm running SuSEfirewall, which was nice and easy to set up, but I don't think it's giving that much protection. For example, port 21 is open for ftpd, but as far as I can see it, there's nothing to stop any other program using that port.

What would be ideal is something like ZoneAlarm or Tiny Personal Firewall on Windows. When a program tries to access the internet, it asks the user if it's OK, and you can give permission on a one-off basis, or for all future occasions. Is there anything like this available for Linux?

I know there are other solutions available (like Tripwire), and that I can check the firewall logs to see what's been going on, but that can be so *dull*!

Olly
Oliver
From Oliver Maunder to SuSE Discussion List about Re[4]: [SLE] DoS attacks...:

> Just what I'm after too (as a six-month old penguin :-) ).
>
> I'm running SuSEfirewall, which was nice and easy to set up, but I don't think it's giving that much protection. For example, port 21 is open for ftpd, but as far as I can see it, there's nothing to stop any other program using that port.

Only root can run programs bound to ports under 1024. If you don't run ftpd, you can block it with your firewall; if you do, no other program can listen on that port because ftpd already does so.

> What would be ideal is something like ZoneAlarm or Tiny Personal Firewall on Windows. When a program tries to access the internet, it asks the user if it's OK, and you can give permission on a one-off basis, or for all future occasions. Is there anything like this available for Linux?

I don't know but, personally, I wouldn't want this. In Windows such a program is also of more use because when you download a fancy screensaver, you don't know if it has a trojan in it or not. If one of those programs you mentioned gives you an alert your screensaver wants to use the internet, that's good. But in Linux, as most programs are open source, you won't have this issue (programs wanting to make connections, without you knowing it) unless you are already hacked of course. In that case your firewall program could be replaced and you still wouldn't notice anything.

> I know there are other solutions available (like Tripwire), and that I can check the firewall logs to see what's been going on, but that can be so *dull*!

It is dull but it all depends on what you're trying to protect. If you just have your home PC with no critical services or secret data, it would be silly to spend hours analyzing logs and tweaking a complex firewall. It should be enough to run as few services as possible, install security updates when they become available and be careful. If you per se want your logs analyzed, there are programs for this, as Jeffrey already mentioned.
-- dieter
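
The port behaviour dieter describes can be checked directly. The script below is an added example, not part of the original thread; it uses a kernel-chosen loopback port as a stand-in for ftpd's port 21 so that it runs without root, and the function names are made up for this example.

```python
import errno
import os
import socket

def try_listen(port, host="127.0.0.1"):
    """Bind and listen on host:port; return (socket, "ok") or (None, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return s, "ok"
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))

def second_listener_result():
    """Hold one listener (standing in for ftpd) and try a second on the same port."""
    first, status = try_listen(0)          # port 0: the kernel picks a free port
    if first is None:
        raise RuntimeError("could not start the first listener: " + status)
    try:
        second, result = try_listen(first.getsockname()[1])
        if second is not None:
            second.close()
        return result
    finally:
        first.close()

def low_port_result(port=21):
    """Try the FTP port itself; the outcome depends on who runs this and what is listening."""
    sock, result = try_listen(port)
    if sock is not None:
        sock.close()
    return result

if __name__ == "__main__":
    print("second listener on a busy port:", second_listener_result())
    # EACCES for an ordinary user, EADDRINUSE if an FTP daemon is running,
    # "ok" for root (or a process holding CAP_NET_BIND_SERVICE) on a free port.
    print("euid", os.geteuid(), "binding port 21:", low_port_result())
```

Both checks concern listening sockets only; outbound connections use unprivileged source ports and are not limited by either rule.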
Curtis Rey wrote:
> This is why, as a year old penguin myself, I desperately need an interface that will help me understand how to make a secure firewall without A) leaving blatant holes waiting to be exploited, and/or B) implement rules that lock my network interface down so much I might as well unplug my RJ-45. Another thing this newbie would really appreciate is a realtime monitor that would give me information/alerts when something tries to send or receive when it wasn't initiated by me. Just a thought or two.
>
> Cheers. Curtis
tail -f /var/log/messages
tail -f /var/log/firewall

Ctrl-C to exit tail -f

Maybe set up snort and crontab to send you snort stuff.

Hope that helps.

Matt
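
A less dull way to read the firewall log than watching `tail -f` scroll by, as an added example that is not part of the original thread: it alerts once per source address that has been dropped on several distinct ports. The log lines are constructed, the `FW-DROP` prefix is an assumption (use whatever prefix your firewall writes), and the `KEY=value` fields follow the layout of the netfilter LOG target.

```python
import re
from collections import defaultdict

# Constructed sample in the key=value layout of the netfilter LOG target.
# The "FW-DROP"/"FW-ACCEPT" prefixes, host name and addresses are made up.
SAMPLE_LOG = """\
Jun  5 16:02:11 penguin kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=23 SYN
Jun  5 16:02:11 penguin kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=40113 DPT=21 SYN
Jun  5 16:02:12 penguin kernel: FW-ACCEPT IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=22 SYN
Jun  5 16:02:13 penguin kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=UDP SPT=137 DPT=137
Jun  5 16:02:14 penguin sshd[411]: Accepted password for curtis from 198.51.100.20
Jun  5 16:02:15 penguin kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=40114 DPT=111 SYN
Jun  5 16:02:16 penguin kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=40115 DPT=23 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_drop(line, prefix="FW-DROP"):
    """Return the packet fields of a dropped-packet line, or None for anything else."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if not fields.get("SRC") or not fields.get("DPT", "").isdigit():
        return None  # truncated line, or traffic without ports (e.g. ICMP)
    return {"src": fields["SRC"], "proto": fields.get("PROTO", "?"),
            "dpt": int(fields["DPT"])}

def watch(lines, threshold=3):
    """Yield (source, ports) once per source dropped on `threshold` distinct ports."""
    ports = defaultdict(set)
    alerted = set()
    for line in lines:
        pkt = parse_drop(line)
        if pkt is None:
            continue
        ports[pkt["src"]].add((pkt["proto"], pkt["dpt"]))
        if len(ports[pkt["src"]]) >= threshold and pkt["src"] not in alerted:
            alerted.add(pkt["src"])
            yield pkt["src"], sorted(ports[pkt["src"]])

if __name__ == "__main__":
    for src, hit in watch(SAMPLE_LOG.splitlines()):
        print("ALERT: %s was dropped on %d ports: %s" % (src, len(hit), hit))
```

For live use, pass `sys.stdin` to `watch()` and pipe the output of `tail -f /var/log/firewall` into the script.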
participants (8)
- Curtis Rey
- dieter
- Fred A. Miller
- Jeffrey Taylor
- Matthew
- Oliver Maunder
- Paul Abrahams
- S. Bulterman