Thread: WinXP
Old 08-05-2001, 03:37 PM   #7
mbpark
The TCP/IP sockets issue in WinXP

Here it is in a nutshell:

XP implements Raw Sockets. Linux, BSD, and even BeOS have this ability. Win9x and WinMe did not have it enabled.

NT4.0 and 2000 do have it enabled.

Essentially, it lets you spoof packets. This is how a lot of the DoS attacks were done. Combining MS's lax application security with Raw Sockets is a BAD thing. This means that the new generation of Outlook Express email viruses will outright start DoS attacks when combined with DSL or Cable Modem. This is an incredibly bad thing.

As much as people pooh-pooh this, they won't when 50% of the Win2000/XP boxen on DSL and Cable connections start DoS'ing CNN.com, Amazon, eBay, and Slashdot.

Geez. If someone wanted to spoof a lot of packets, there are a very large amount of unpatched Red Hat Linux boxes on the net as well with loads of BIND, Sendmail, Apache, and telnetd exploits.

The potential for this, however, can be mitigated by the following:

1. ISPs actually checking packets coming from each MAC address for proper IP addresses. Tony, can this be done practically? I know that even cable modems have a MAC address, and I know how to filter this under a Cisco or Linux box. It would take some big-ass iron to do this practically, but it can be done. You know it as the CheckPoint firewall.

2. Microsoft turning off the massive gaping security holes they have in their products. The XP firewall is a good start; however, no firewall protects against Outlook Express. Outlook 2000 SP1 and XP don't allow executable content in e-mail if you specify it, and I have all executable content turned off. Outlook Express is the big issue, since it has zero security.

3. Microsoft scrapping Outlook Express.

The real issue here is the fact that Raw Sockets, which have been on any OS doing TCP/IP EXCEPT Win9x for years, have been combined with Outlook Express, IIS, and all the other nasty security bugs in MS Applications. This is potential for a massive amount of DoS attacks!

I can see a whole new large amount of attacks happening because of the millions of users on broadband who will be running 2000/XP. You've not seen anything yet with DoS and distributed cracking attacks.
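Point 1 of the post in working form, as an added example that is not part of the original post: a source-address check at the ISP edge that ties each customer MAC address to the prefix the ISP assigned it and drops packets whose source IP falls outside that prefix. The provisioning table, MAC addresses, prefixes and packets are constructed for illustration.

```python
# Added example: ingress source-address validation keyed by customer MAC.
# A spoofed packet is one whose source IP is not inside the prefix that
# the ISP assigned to the modem (MAC) it arrived from.
import ipaddress
from dataclasses import dataclass

# Constructed ISP provisioning table: customer MAC -> assigned prefix.
ASSIGNMENTS = {
    "00:10:18:aa:bb:01": ipaddress.ip_network("203.0.113.0/29"),
    "00:10:18:aa:bb:02": ipaddress.ip_network("198.51.100.64/30"),
}

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str

def check_source(pkt: Packet) -> str:
    """Return "forward", "drop-spoofed" or "drop-unknown-mac"."""
    prefix = ASSIGNMENTS.get(pkt.src_mac.lower())
    if prefix is None:
        return "drop-unknown-mac"          # modem was never provisioned
    if ipaddress.ip_address(pkt.src_ip) in prefix:
        return "forward"                   # source matches its assignment
    return "drop-spoofed"                  # source lies outside the assignment

def filter_batch(packets):
    """Apply the check to a batch; returns (forwarded, [(packet, reason)])."""
    forwarded, dropped = [], []
    for pkt in packets:
        verdict = check_source(pkt)
        if verdict == "forward":
            forwarded.append(pkt)
        else:
            dropped.append((pkt, verdict))
    return forwarded, dropped

# Constructed traffic sample seen on the ISP's customer-facing interface.
SAMPLE = [
    Packet("00:10:18:aa:bb:01", "203.0.113.3", "192.0.2.10"),    # legitimate
    Packet("00:10:18:aa:bb:01", "10.99.1.1", "192.0.2.10"),      # spoofed source
    Packet("00:10:18:aa:bb:02", "198.51.100.65", "192.0.2.10"),  # legitimate
    Packet("00:10:18:aa:bb:02", "203.0.113.3", "192.0.2.10"),    # neighbour's address
    Packet("00:10:18:ff:ff:ff", "198.51.100.65", "192.0.2.10"),  # unprovisioned modem
]

if __name__ == "__main__":
    fwd, drp = filter_batch(SAMPLE)
    for pkt, why in drp:
        print(f"DROP {why}: mac={pkt.src_mac} src={pkt.src_ip}")
    print(f"forwarded {len(fwd)} of {len(SAMPLE)} packets")
```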