On 27 Nov 2001, at 12:40, Thorat_private wrote: <SNIPPED> > Some consider Magni's personal statement at the end of the advisory a > "rant." That may be so, but it most certainly rings of truth. I > won't make personal statements regarding Mr. Gibson, as I don't know > him. However, I know what he has said: > > "Port scans can not be spoofed Ben. They require an authentic IP else > the returning packet won't ever come back and report upon the port's > status. Furthermore, many other national ISP's and responsible > security testing services *ARE* excluding my IP ranges from their > reports" > > and > > "You, I, and our mutual customers all know that packets from GRC are > never attacks or intrusion attempts, so its deliberate generation of > such reports - -- which you have admitted, and we both know, could be > easily blocked -- is irresponsible and represents defective operation > from your product. Your utilities are broken since they are > deliberately reporting known non-attacks. " Is it my ignorance, or does Gibson seem to not really understand that the port scans in question HAVE a valid IP...his systems and therefore are being returned, via his systems, to the attacker who has just effectively hidden his (her?) real IP by using Gibson's IP range instead. Is this not a form of spoofing? Is Gibson suggesting that his unauthorised (by me) and unwanted (by me) checks of certain ports on MY system should not be defined by me as attacks or intrusion attempts? Further, by what right does Gibson determine that MY firewall/IDS is faulty because it deliberately generates reports to indicate that someone port scanned me without my authorisation? If someone scans the 10 ports or so that Gibson's Shield- Up product scans, I like to think that I have every right to determine that the person has attacked and possibly attempted an intrusion on my private systems. Maybe I'm completely wrong, after all, IANAL. To me, Gibson's response smells like "I can do what I want, if you don't like it, you're wrong". Gnuthad
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 09:01:28 PST