On Tue, Nov 27, 2001 at 12:46:09AM -0700, Blake McNeill wrote: > Reading Steve Gibson (or someone claiming to be Steve Gibson at least) > response to questions concerning this on > http://www.dslreports.com/forum/remark,1859774~root=security,1~mode=flat, he > says and I quote, "In other words, it is COMPLETELY IMPOSSIBLE to use the > ShieldsUP system to launch any sort of denial of service attack against > anyone. It's simply not true." > > Interesting... Were you purposefully chopping out the relevant information in your quote in order to make Mr. Gibson look bad? If not, then I misunderstood you, but the above sort of comes off as sarcastic. At any rate, I'm glad I bothered to read the post at the URL you mentioned, and I hope other people will as well. The important points that Steve (and let's just assume it's him, shall we?) makes is that his software, on the server side, limits: (a) bandwidth of the scanning to 400 bytes/sec (b) the number of requests aimed at a given IP run at the same time to one This rules out even the remote possibility of a DoS. He also points out that this has been a known, and publicly stated, issue since 10/28/99. You can complain about how long change has been in coming, if you like, but that hardly seems to be content relevant to the incidents mailing list. It's still true that you can scan a host other than your own... *ten* *ports* on that other host. Why waste the time? Go find yourself a public area lab on a university campus or any of the insanely many insecure 802.11B networks in any major city and scan from there... you'll get the same (if not better) anonymity. -- ~ g r @ eclipsed.net
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 08:25:39 PST