Archive: June 2001 ml@sikurezza.org
Subject: On Gibson
From: TNT
Date: 6 Jun 2001 08:21:31 -0000
This article appeared today on AtStake's Security News (formerly
HackerNews)...
The full article is in the New York Times; it requires registration, but
I think it is worth it.
I leave the comments to you.

------------------------------------------------------------------------
Raw Sockets are not a Security Risk
contributed by Chris Wysopal (Jun 5, 2001 4:43 pm EST) 

The New York Times has an article about Steve Gibson's unfounded and
hyped concern about Windows XP containing raw socket functionality. 

The "powerful Internet-connection capabilities" which is hyped in this
article is merely the ability to write raw IP packets. This is where an
application program controls every field in the IP packet. This
functionality is required if you were writing your own network bridge
program for Windows or other low level network applications. An IDS for
NT that resets connections would need this functionality. AntiSniff (1)
which detects sniffers on a network, requires this functionality. 

This capability, which this article states is so dangerous to the
internet, is already available practically everywhere. It is available
in every commercial and open source unix distribution and is already
available for all Windows platforms (not just Windows XP) through the
use of free add on libraries such as winpcap (2) and libnetNT (3). 

The hype and hyperbole is astounding. From reading this article you'd
think a deluge of DDoS attacks was building up just waiting to be
released once Microsoft releases the all powerful new API. Nothing
could be further from the truth. When XP arrives it will receive a
collective yawn from DDoS attackers who would much rather have their
win32 DDoS clients run on every version of windows using the already
available add on libraries. 

Once an attacker has administrative control of a machine they can run
any code they want, whether it is native or in an uploaded executable.
There is absolutely nothing stopping an attacker from spoofing IP
addresses from a Windows machine today or tomorrow.

(1) http://www.securitysoftwaretech.com/antisniff/
(2) http://netgroup-serv.polito.it/winpcap/
(3) http://www.eeye.com/html/Research/Tools/libnetnt.html

Full article
http://www.nytimes.com/2001/06/04/technology/04FLAW.html?searchpv=day01
------------------------------------------------------------------------


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List



