[Dshield] Spoofing Source Address Verification XP

Stephane Grobety security at admin.fulgan.com
Wed Nov 28 15:30:23 GMT 2001


QM> Dear "Security",

Please excuse the name tag. I try to sign all my posts with my given
name (Stephane) and my family name (Grobety) is easy enough to find.
I've changed my mailer preferences to reflect that so, in the future,
we might talk more easily.

QM> I suggest you read the entire thread here and concentrate on the
QM> imlpications of full access to FULL RAW sockets, now available in XP AND
QM> 2000.

I did, and I showed you that it didn't apply. If I have failed to
demonstrate so, then please accept my excuses and develop why I am
wrong. (and it's raw, not RAW, it's no acronym).

QM> This is the focus of the debate. And I suggest you read my previous
QM> reply which includes links that will explain it to you in detail.

I know of the site, I know of the person and I also know how much
he is incompetent in the security field. I would be glad to detail,
point by point why his allegations range from dubious to plain wrong
and what you should highly doubt his motivations and allegations but
someone has done it for me. Please refer to my answer to the message
you're quoting.

QM> Until
QM> further educating yourself on the subject, I suggest you refrain from
QM> commenting.

I suggest you do the same and try to understand the REAL security
implications of 1/ raw socket 2/ XP support for raw sockets 3/ actual
usage of spoofed packet in IP warfare. 4/ Architecture of a DDOS 5/
the theory and practice of routing IP packets. I also suggest you
enlist to a few other security-related mailing lists and have it
explained to you there (since you're not likely to take my word for
that).

QM> Thank you for no further flaming.

I did not feel like flaming, but I confess that, at some point to, I
have felt pretty tired to develop my arguments to be answered by "It
doesn't apply" without further comment (in particular when I felt the
author - you - simply didn't read and understand what I said). So, I
might have "slipped" and I apologize for that.

Since I enjoy the subject, and since you seem to be a bit touchy, I'll
try to be a bit more patient in the future. In return, I ask you to
re-read my comments and, if you feel I'm wrong (after all, I'm very
far from being perfect), then please explain why and please do it
yourself, not pointing to Gibson's propaganda web site (you're more
than welcome to quote it, however, I'd be glad to explain why I think
he's dead wrong on most respects).


Good luck,
Stephane




More information about the list mailing list