[Dshield] Spoofing Source Address Verification XP

Josh Ballard jballard at cloud.cc.ks.us
Tue Nov 27 05:04:40 GMT 2001


XP is not being called insecure because it has raw sockets.  It's being
called insecure because it has the name Microsoft on it.  It's just that
with raw sockets, that's one less hurdle for a script kiddie to cross to
start blasting spoofed packets out onto the internet.  And since we all
know that the first hurdle of getting access to the machine has been for
the majority of the Microsoft OSes not a very big one, eliminating the
second hurdle toward spoofing packets kind of makes for an interesting
mix of things.  Think about how small a worm like Code Red was, no extra
BS to install to do what it did, and with something very similar to
that, someone could have a big spoofing denial of service agent, instead
of just a rapidly spreading worm, without needing the aid of extra bloat
to have to send and possibly get cut off on.  Also, without needing to
install extra BS, it might be a little easier to slip something in on a
"good" admin.  Just my thoughts...

Josh Ballard
Oofle.com Linux Firewall Center
http://www.oofle.com/
jrb3333 at ksu.edu

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On
Behalf Of Alexander Rayborn
Sent: Monday, November 26, 2001 8:45 PM
To: dshield at dshield.org
Subject: RE: [Dshield] Spoofing Source Address Verification XP


How is this any different than a default install of Windows 95 or 98
that has client for Microsoft Networks and File and Printer Sharing
enabled on the internet?  XP's default security weaknesses are nothing
new from Microsoft.  I don't think XP deserves to be singled out for
"inherent security weaknesses" because of the raw sockets support.

--Alexander





