|
-
January 14th, 2002, 04:12 PM
#11
Junior Member
I have 1 last thing to say and I wonder what you will answer. You believe the words of a buncha college dropouts?
Hm. Well, okay--I will oblige your request and reply, as no one else has thus far. Your biggest hero, JP, is also a college dropout. You believe him when he says things, don't you? My point is that you shouldn't always look at the educational level attained when assessing someone's credibility, especially in the computing world.
-
January 14th, 2002, 04:37 PM
#12
 ?WTF
I have 1 last thing to say and I wonder what you will answer. You believe the words of a buncha college dropouts?
- Where did that quote come from?
Hm. Well, okay--I will oblige your request and reply, as no one else has thus far. Your biggest hero, JP, is also a college dropout. You believe him when he says things, don't you? My point is that you shouldn't always look at the educational level attained when assessing someone's credibility, especially in the computing world.
- Well I for one, didn't request for you to reply to this statement/quote.. or this thread for that matter. I think you have the wrong form. You must be looking for "General Bullshit".. Did you even take the time to read what this thread was about? I seriously doubt it. My biggest hero, eh? Heh, sure. Indeed certificates, degrees, and a college education are not required they are usually attained FOR someone's credibility or career field. In either case, you seem to have the education level of a HS freshman so I'm no longer going to debate this with you.
Remote_Access_
-
January 14th, 2002, 04:38 PM
#13
I am going to dodge the rediculous previous comment made and continue on in the named thread subject.
GRC.com has been nothing but a help to me. Gibson has released great programs aimed at making one breathe a little easier.
As stated above, so what if he was wrong on one thing (DDoS)? No man is perfect, and people today are so unforgiving... 
[shadow]uraloony, Founder of Loony Services[/shadow]
Visit us at
[gloworange]http://www.loonyservices.com/[/gloworange]
-
January 14th, 2002, 05:08 PM
#14
From what I understand of Gibson's current implementation, his stack would be vulnerable to "token" replay:
Someone could establish a legitimate connection from a public computer (ie: from a different IP), capture the SISN, the reuse that SISN on a fake packet (setting the packet's client addy as the one from the public computer used)...
Even if the key is changed every reboot, web servers are meant to be up for long periodes of time, leaving a good window of opportunity... I guess someone could also automate this process using trojaned computers and exchanging IPs & SISN between them...
*disclaimer, I might be wrong but this is what I'm seeing...
On the editorial side, what bothers me with Gibson is his quick bold (in both ways) absolute statements, declaring things perfect before peer review... Just have a look at the last (third) page, he had to appologize because he was too quick with his words... And also of course the formatting of his papers... Usually in the IT community, you *suggest* new ideas and standards in a emotion free paper that states only facts which is easy to (peer) review... Gibson on the other hand rolls out the marching band and loud speaker vans to announce to the world that is great (sorry for the emotion, but that shows my point).
Ammo
-
January 14th, 2002, 06:11 PM
#15
Junior Member
This post in reply to remote access.
(I've come to the conclusion that I should explicitly say when I am replying or not replying to one of RA's posts, as he seems incapable to comprehend that he is NOT the only quotable person on this forum.)
- Where did that quote come from?
It came from focmaester's last post. Did you not read it? Are you not reading every single one of this thread's posts like a happy antionline camper?
Well I for one, didn't request for you to reply to this statement/quote.. or this thread for that matter. I think you
have the wrong form. You must be looking for "General Bullshit".. Did you even take the time to read what this thread was about? I seriously doubt it.
Listen, you crackhead. This post had absolutely nothing to do with you or anything you've posted. Where do you come off thinking such? You are hardly the center of my universe, hell; you're hardly the center of my antionline universe. JP has purchased his own universe, right?
You've attacked me for not reading this thread, and yet you seem to have skipped over other people's posts. I for one have read all of them. I am a good, informed antionline user, one who makes posts after having taken the whole thread into consideration. You, friendly friend, are a bad antionline user, you have made a fool out of yourself by ironically attacking me for things you, not I, are responsible for.
Which one of us is in highschool? Which one of us is an idiot?
...so I'm no longer going to debate this with you.
Debate? You're hardly worth debating with. My sixteen year old sister is a much better debater than you are, we sometimes engage in hour long debates about a variety of subjects. Do you pretend to think that you can truly ever keep up with me?
How's your SQL coming along?
-
January 14th, 2002, 06:38 PM
#16
You again?
This post in reply to autumn regret/hehbris//chemical/oblio/etc.
I've come to the conclusion that I should ignore those previously stated aliases.. after this post 
It came from focmaester's last post. Did you not read it? Are you not reading every single one of this thread's posts like a happy antionline camper?
- If I read it I wouldn't of asked you where you got the quote. So no, I didn't read it. I didn't happen to read EVERY post werd for werd.. I was too busy posting something of VALUE, something that may HELP someone instead of replying with some ignorant statement with NOTHING to do with GRC..
Listen, you crackhead. This post had absolutely nothing to do with you or anything to do with what you've posted. Where do you come off thinking such? You hardly the center of my universe, hell; you're hardly the center of my antionline universe. JP has purchased his own universe, right?
- Crackhead?.. You seem to be sadly mistakeing. It's a figment of your imigination. Did you take your medication today? Where in my post did I state that I were the center of your "AO universe"? That must be another figment of your imigination.. Well, I wasn't aware that JP purchased a universe but what ever.. Did you forget to take your medication this morning?
You attack me for not reading this thread, and yet you seem to have skipped over other people's posts. I for one have read all of them. I am a good, informed antionline user, one who makes posts after having taken the whole thread into consideration. You, friendly friend, are a bad antionline user, you have made a fool out of yourself by ironically attacking me for things you, not I, are responsible for.
- Blah blah blah.. Big deal. I happened to miss ONE post. Not everyone spends all day on AO reading EVERYONES post.. Oh no, I'm a bad AO usr.. Shame on you RA.. Muhaha
Which one of us is in highschool? Which one of us is an idiot?
- Hahaha, well I'm neither so that only leaves YOU.
Debate? You hardly worth debating with. My sister year old sister is a much better debater than you are, we sometimes engage in hour long debates about a variety of subjects.
How's your SQL coming along?
- I'm not werth debateing with, eh? Then, why did you reply? You don't have to debate this with me.. go argure with your year old sister. She seems to share the same attention spand and mental capability as you. What do you spend hours upon worth less hours debateing with a one year old?.. As for my SQL class.. It's going good. What languages did you say YOU were learning? Here's an example of an SQL statement for you..
SELECT *
FROM Jackasses;
SQL Query Results
autumn regret, hehbris, chemical, noble hamlet, & oblio
-
January 14th, 2002, 07:00 PM
#17
 Steve Gibson
Hi There;
If it was not for the posts on www.grc.com about the nasty
hole in IIS, several customers could have lost there complete
data base including credit card info.
Microsoft never tell you straight info, they bury it
in a bunch of legal jumble and links....
There is still a number of IIS servers out there with the hole
but it is the fault of the systen admins not to patch it.
Now with the Holes in XP like raw sockets and
Unversal Plug and Play that has been spread
around ... Thanks to Steve
Steve Gibson does a GREAT JOB!
My kudos to Steve.
Keep up the good work Steve!!
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes! 
And learning to Play the Bugle 
-
January 14th, 2002, 07:17 PM
#18
DOS attacks
I checked around and found out this has been discussed on Linux Kernel Mailinglist. It seem Gibsons solution wouldn't work, and would open up to new forms of attacks.
Check out
http://www.uwsg.iu.edu/hypermail/lin...12.2/0787.html
http://www.uwsg.iu.edu/hypermail/lin...12.2/0799.html
http://www.uwsg.iu.edu/hypermail/lin...12.2/0882.html
-
January 14th, 2002, 07:25 PM
#19
It'd be nice to see something done at the tcp/ip stack level to ward off some of the DoS and DDoS attacks. Considering they come from script kiddie programs (a majority), it should be relatively easy to reverse-engineer what they hit, counter with a dynamic algorithm to block the attack (drop packets), and set up rules for watching said IP. Seriously good hackers who do programming could work around a lot of those fixes but I don't see very many true hackers running DoS against machines so I'm not too worried about what the script kiddies say they'll do in response (it has to be something inherently stupid of course).
Perhaps a good tcp/ip stack would have the ability to drop packets from an IP based on rulesets. This is great for things like netfilter where you can set up rules and can be integrated into the kernel, but I'm not sure what you'd do with Winblows. As it is, firewalls have to get better otherwise there's going to be more holes in them than 10 pounds of aged swiss cheese. One of these days I'm gonna get my rulesets up for ipchains...it might help someone out.
One thing I didn't like about this post (the second link) was this:
The foundations of this person's scheme simply cannot work.
Instead of just trashing it, why doesn't this "David Miller" offer some insight on how to make it work or offer other ideas? I can't stand idiots that just trash someone's "idea" without some form of instruction on what they *could* do to make it work, better, etc...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
January 14th, 2002, 07:31 PM
#20
regardless of gibsons style and or ability...i'd say if he does nothing else for the rest of his career..he's done the whole internet community a huge service...he's made people realize that security matters...and i'm not talking about any of <you> ...i mean joe shmuck with the always-on who, until shields-up, had no idea that his computer was an open book..
i con't comment on his new projects...i'm not qualified...but...he writes tiny useful and for the most part -free- windows progs...if M$ had written leakstest it would have been 6.5 megs and cost 99 bucks...with a $24.95 upgrade fee...so ya he is a media guy with a considerable ego...but i'd say the net's a bit better and safer place because of his work...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
