[Dshield] Spoofing Source Address Verification XP

Quibell, Marc mquibell at icn.state.ia.us
Wed Nov 28 15:24:33 GMT 2001


I will take one item from your reply and attempt to show you the path I'm
on. 

Tony>> "The default installation of my Linux server wasn't "secure enough",
what
Tony>> makes you think that any other OS product will be?"

Since I was on the subject of home-user/end-user OS's such as XP (or
currently Win9x), linux is not a choice "home-user/end-user" OS. And it is
the end-user we're talking about with high-speed internet access. And if and
when Linux becomes an end-user, and end-user-friendly common commodity, then
I would worry about it as well. The key word is "Volume" and the fact that
XP will be entering millions of households very shortly. You may not worry
because you don't understand the implications, but that doesn't mean that us
ISPs have nothing to worry about. 

I'm not a "tech" who works on little OS problems. I have bigger things to
worry about, such as bandwidth, security concerns, and trojan-bots on
millions of household cable-modem connections ready to flood the internet,
and/or our WAN. You bring up the point that you can secure the OS? That's
pretty amuzing, because the harsh reality is that it has been proven time
and again, that no matter how secure, systems will be hacked. I hope that
does not surprise you.

Marc Quibell
ICN Network Operations Center
Data Operations Group
noc at icn.state.ia.us
1-800-572-3940




-----Original Message-----
From: Tony Maro [mailto:tonym at nlisc.com]
Sent: Tuesday, November 27, 2001 8:20 AM
To: 'dshield at dshield.org'
Subject: RE: [Dshield] Spoofing Source Address Verification XP


> -----Original Message-----
> From: Quibell, Marc [mailto:mquibell at icn.state.ia.us] 
> 
> Might I interject and say that the problem is that Windows 
> XP, an end-user-marketed product, in the hands of 
> inexperienced end-users, will provide hackers, internet 
> terrorists, and script kiddies many more (AND
> easier) opportunities to wreak havok onto the internet.

Wow, I bet you're also in favor of gun control and doing away with private
ownership of vehicles, both because they kill people.

> fact it will provide them a much greater abundance of 
> unsecured access like nothing we've seen before.

It's called progress...

> Do we simply 
> "hope" that the default installation of the end-user XP will 
> be secure enough, with it's integrated firewall, to keep 
> hackers out in the first place? Based on M$'s track record, I 
> predict this "hope" to be short-lived. 

The default installation of my Linux server wasn't "secure enough", what
makes you think that any other OS product will be?

Would you buy a new door for your house and not bother to install a lock to
keep out the bad guys?  Probably not.  You know why?  Because you HAVE BEEN
EDUCATED in the fact that you NEED A LOCK on your door, and that you MUST
USE IT.  Take one of these country bumpkins (no offense) that I grew up with
down here in the south and throw them in the big city and guess what... It's
likely they'll forget to lock their car or their house because they never
had to before.  It takes their first break-in (or neighbor's break-in)
before they think to lock the door.

The only thing that will improve security is not "OS Control" a.k.a. "gun
control" but education.  And for those who don't have the knack for
computers, that's what techs for hire like me are for.  ;-)

-Tony

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list