Linux Today: Linux News On Internet Time.

Steve Gibson on Recent DoS Attacks Against GRC.com

Jun 04, 2001, 22:55 (22 Talkback[s])
(Other stories by Steve Gibson)

[ Thanks to jcpetit for this link. ]

A lot of readers are probably familiar with Steve Gibson'site GRC.com as a place to go for superficial verification of workstation security via free, web-based portscans. GRC.com recently fell victim to a packet-flooding DoS attack. His account of the whole ordeal, which includes some of his correspondence with the attacker, is fairly interesting, as is his assertion that Microsoft, in implementing the complete Unix sockets specification for Win2000/XP, has opened the Internet to "an escalation of Internet terrorism the likes of which has never been seen before."

As always, Mr. Gibson's style is somewhat overheated.

"...As a result, Internet security experts know that non-spoofing Internet attacks are almost certainly being generated by Windows-based PC's. Forging the IP address of an attacking machine (spoofing) is such a trivial thing to do under any of the various UNIX-like operating systems, and it is so effective in hiding the attacking machines, that no hacker would pass up the opportunity if it were available.

It is incredibly fortuitous for the Internet that the massive population of Windows-based machines has never enjoyed this complete "Unix Sockets" support which is so prone to abuse. But the very bad news is this has horribly changed for the worse with the release of Windows 2000 and the pending release of Windows XP.

For no good reason whatsoever, Microsoft has equipped Windows 2000 and XP with the ability FOR ANY APPLICATION to generate incredibly malicious Internet traffic, including spoofed source IP's and SYN-flooding full scale Denial of Service (DoS) attacks!"

Complete Story

Related Stories: