[Dshield] XP and security
newton at unb.ca
Wed Nov 28 15:03:21 GMT 2001
Not directed at David, just the list.
I think everyone is missing the point about the 'easily accessed raw
sockets'. The people who can boot a floppy into linux and run the hacks are
not the problem. What people are trying to explain... is that millions of XP
boxes with this ability, sitting on the desktops of complete non-technophiles,
is a problem. Up until now, it's been unix boxes that had this ability
(primarily), _usually_ sitting on the desks/racks of slightly more technically
orientated users (i.e.: they just _might_ notice something weird going on, or
actually secure the box, or give a damn)... and we still have a big
spoofing/DDoS problem (and there are DAMN few unix boxes compared to Windows)...
_now_ we will have millions of boxes sitting in homes, schools, wherever,
that will have this ability, controlled by users who don't care, don't know, and
won't notice a problem if/when they get hacked.
I've heard the explanations too... but...
1) NOC operators shouldn't be letting spoofed addresses through... it's their
problem.... guess what, they still do, they always will... CodeRed/Nimda
should have taught people that no amount of preaching will reach those who
don't care/don't listen to fix things they don't understand.
2) You could always do the raw socket-like thing on Windows, by (re)writing a
driver, and installing that... Weeeeee... when was the last time you saw a
trojan install network drivers? This feature makes it simple, and easy.
Writing drivers is not easy.
>===== Original Message From "David Sentelle" <David.Sentelle at cnbcbank.com>
>Lotsa people seem concerned about XP's security and easily accessed raw
>sockets. Would a raw socket-less WinXP keep a user from booting from a floppy
>disk into a linux partition and running their hacks? Would requiring 'root'
>privileges for raw sockets actually ensure that only responsible people had
>Would raw sockets be that much of a problem if ISPs just checked the packets
>to make sure that the address sending the traffic was the same that was
>declared inside the packets?
>I'm much more concerned with the lack of accountability that software
>developers have, as well as the lack of definition as to where an OS should
>stop and applications should start. Microsoft has been 'developing' the
>Windows platform for a LONG time now, and I STILL see applications installing
>files to the OS's core directories. If they're not going to tell consumers,
>shouldn't Microsoft at LEAST tell developers where the OS stops and their
>application starts? (Sorry for the tangent, but I've been working for 2 days
>trying to figure out how to allow users to 'cut' a block of text from
>MS-Word2k without crashing)
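The check both posters refer to, NOC operators not "letting spoofed addresses through" and ISPs verifying that a packet's source address matches the link it arrived on, is source address validation, the approach standardised as BCP 38 (RFC 2827). The following is an added illustration, not code from either poster or from the DShield project: a small Python model of a per-interface ingress filter. The interface names, prefix assignments and sample packets are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed prefix table (hypothetical values): the source prefixes that are
# legitimately reachable behind each customer-facing interface of the router.
INTERFACE_PREFIXES = {
    "cust-eth1": [ip_network("203.0.113.0/24")],
    "cust-eth2": [ip_network("198.51.100.0/25"), ip_network("198.51.100.128/25")],
}


@dataclass(frozen=True)
class Packet:
    ingress_if: str  # interface the packet arrived on
    src: str         # source address claimed inside the packet
    dst: str         # destination address


def source_is_valid(pkt: Packet) -> bool:
    """Return True when pkt.src lies inside a prefix assigned to the interface
    it arrived on. False means the packet should be dropped: the claimed source
    is not one that this interface can legitimately originate."""
    prefixes = INTERFACE_PREFIXES.get(pkt.ingress_if)
    if prefixes is None:
        return False  # unknown interface: fail closed rather than forward
    try:
        src = ip_address(pkt.src)
    except ValueError:
        return False  # malformed address can never be valid
    return any(src in prefix for prefix in prefixes)


def filter_packets(packets):
    """Apply the ingress filter and return (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if source_is_valid(pkt) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic: two legitimate packets, two with spoofed sources
# (one using another customer's prefix, one using a private address), and one
# arriving on an interface the router has no prefix table for.
SAMPLE = [
    Packet("cust-eth1", "203.0.113.7", "192.0.2.10"),
    Packet("cust-eth1", "198.51.100.9", "192.0.2.10"),
    Packet("cust-eth2", "198.51.100.200", "192.0.2.10"),
    Packet("cust-eth2", "10.0.0.1", "192.0.2.10"),
    Packet("cust-eth9", "203.0.113.8", "192.0.2.10"),
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE)
    for p in drop:
        print(f"DROP  {p.ingress_if} src={p.src}")
    for p in fwd:
        print(f"PASS  {p.ingress_if} src={p.src}")
```

The filter is deliberately keyed on the ingress interface rather than on the source address alone: a spoofed packet carries a perfectly plausible address, and only the edge router that knows which prefixes sit behind which link can tell that the address does not belong there. This is also why the check has to happen at the customer edge; once the packet is deeper in the network, that information is gone.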