[Dshield] Spoofing Source Address Verification XP

Stephane Grobety security at admin.fulgan.com
Wed Nov 28 15:24:28 GMT 2001


QM> http://grc.com/dos/xplaughter.htm This site appears to be down, but perhaps
QM> since he has already explained it in great detail, I do not have to, and I
QM> do not feel the need to get you to understand the implications...Search on
QM> Steve Gibson topics if you cannot get there. Surely there are other sites
QM> with the article....

I'm sorry, but Gibson is completely ignorant in matters of security
and OS design. If you feel like knowing why, you could go to the
http://www.grcsucks.com web site (and disregard the ridiculous name).

If you need more convincing, then consider this: Gibson's own pathetic
attempt at writing a security tool (a simple, web-based port scanner)
is, in fact, a real security risk as it uses a hidden form field to
encode the sender's IP, allowing anyone to use his web site as a
bouncer for external scans and a security risk.
For more information, please refer to:
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0111&L=ntbugtraq&F=P&S=&P=11585

I might also suggest that the reason you can't reach his site is that
it might have been blackholed by a sensible admin due to this very
security risk. To verify this, do a trace on the IP, see where it
stops and, if it's close to you, then ask the admin of the network the
reason for the failure.

Good luck,
Stephane
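
An added example, not part of the original message and not code from the site it discusses: a server-side check for the hidden-form-field pattern the message describes, where the scan target must match the connection's peer address and the field is bound to it with an HMAC. All function names, the key and the addresses (documentation ranges) are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

SECRET = b"constructed-demo-key"  # assumption: a per-deployment server secret
MAX_AGE = 300                     # seconds an issued field stays valid


def target_trusting_form(peer_ip, form):
    """Pattern described in the message: the target comes from the form."""
    return form["ip"]


def _mac(ip, issued):
    msg = f"{ip}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_field(peer_ip, now=None):
    """Hidden-field value handed to the client: ip|timestamp|MAC."""
    issued = int(time.time() if now is None else now)
    ip = str(ipaddress.ip_address(peer_ip))
    return f"{ip}|{issued}|{_mac(ip, issued)}"


def target_verified(peer_ip, form, now=None):
    """Return the address to scan, or None if the request must be refused."""
    now = time.time() if now is None else now
    try:
        ip, issued, mac = form["ip"].split("|")
        issued = int(issued)
        claimed = ipaddress.ip_address(ip)
        peer = ipaddress.ip_address(peer_ip)
    except (KeyError, ValueError):
        return None                  # missing or malformed field
    if not hmac.compare_digest(mac.encode(), _mac(ip, issued).encode()):
        return None                  # field was edited client-side
    if not 0 <= now - issued <= MAX_AGE:
        return None                  # stale or future-dated field
    if claimed != peer:
        return None                  # submitted from a different address
    return str(peer)
```

Where nothing needs to be carried between pages, the simpler fix is to drop the field and take the target from the connection's peer address alone.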



