Re: Malicious use of grc.com

From: Aussie (aussieat_private)
Date: Wed Nov 28 2001 - 04:57:24 PST


On 27 Nov 2001, at 12:40, Thorat_private wrote:

<SNIPPED>
> Some consider Magni's personal statement at the end of the advisory a
> "rant."  That may be so, but it most certainly rings of truth.  I
> won't make personal statements regarding Mr. Gibson, as I don't know
> him.  However, I know what he has said:
> 
> "Port scans can not be spoofed Ben. They require an authentic IP else
> the returning packet won't ever come back and report upon the port's
> status. Furthermore, many other national ISP's and responsible
> security testing services *ARE* excluding my IP ranges from their
> reports"
> 
> and
> 
> "You, I, and our mutual customers all know that packets from GRC are
> never attacks or intrusion attempts, so its deliberate generation of
> such reports -- which you have admitted, and we both know, could be
> easily blocked -- is irresponsible and represents defective operation
> from your product. Your utilities are broken since they are
> deliberately reporting known non-attacks."


Is it my ignorance, or does Gibson seem to not really understand that the
port scans in question HAVE a valid IP... his systems, and therefore are
being returned, via his systems, to the attacker who has just effectively
hidden his (her?) real IP by using Gibson's IP range instead. Is this not
a form of spoofing?

Is Gibson suggesting that his unauthorised (by me) and unwanted (by me)
checks of certain ports on MY system should not be defined by me as
attacks or intrusion attempts? Further, by what right does Gibson
determine that MY firewall/IDS is faulty because it deliberately
generates reports to indicate that someone port scanned me without my
authorisation? If someone scans the 10 ports or so that Gibson's ShieldsUp
product scans, I like to think that I have every right to determine
that the person has attacked and possibly attempted an intrusion on my
private systems. Maybe I'm completely wrong, after all, IANAL.

To me, Gibson's response smells like "I can do what I want, if you don't
like it, you're wrong".

Gnuthad
    
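The point argued in the post above, that scans arriving from a scanning service's own addresses should still be reported rather than excluded, as an added example that is not from the post or from any vendor: a small firewall-log scan detector that annotates, instead of whitelisting, any scanning source that falls inside a known scanning-service range. The log lines, the 198.51.100.0/24 "service" range and the port threshold are constructed placeholders, not real addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log lines (not from the post): timestamp, src, dst, dport.
SAMPLE_LOG = """\
2001-11-27T12:40:01 src=198.51.100.7 dst=192.0.2.10 dport=21
2001-11-27T12:40:01 src=198.51.100.7 dst=192.0.2.10 dport=23
2001-11-27T12:40:02 src=198.51.100.7 dst=192.0.2.10 dport=25
2001-11-27T12:40:02 src=198.51.100.7 dst=192.0.2.10 dport=79
2001-11-27T12:40:02 src=198.51.100.7 dst=192.0.2.10 dport=80
2001-11-27T12:40:03 src=198.51.100.7 dst=192.0.2.10 dport=110
2001-11-27T12:40:03 src=198.51.100.7 dst=192.0.2.10 dport=139
2001-11-27T12:40:05 src=203.0.113.9 dst=192.0.2.10 dport=80
2001-11-27T12:40:09 src=203.0.113.9 dst=192.0.2.10 dport=443
"""

# Hypothetical range of a public "test my firewall" service: a placeholder, not any real range.
SCAN_SERVICES = {"example-scan-service": ipaddress.ip_network("198.51.100.0/24")}
SCAN_THRESHOLD = 5  # distinct destination ports from one source before we call it a scan

def parse_line(line):
    # Fields after the timestamp are key=value pairs.
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return fields["src"], fields["dst"], int(fields["dport"])

def detect_scans(log_text):
    """Return one report per scanning source. A source inside a known scanning-service
    range is still reported (the service may be scanning on a third party's behalf);
    it is only annotated, never suppressed."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, _dst, dport = parse_line(line)
        ports_by_src[src].add(dport)
    reports = []
    for src, ports in ports_by_src.items():
        if len(ports) < SCAN_THRESHOLD:
            continue
        addr = ipaddress.ip_address(src)
        service = next((name for name, net in SCAN_SERVICES.items() if addr in net), None)
        reports.append({
            "src": src,
            "ports": sorted(ports),
            "via_service": service,
            "note": ("scan relayed through a public scanning service; the requester's "
                     "real address is hidden behind it" if service else "direct scan"),
        })
    return reports
```

Running `detect_scans(SAMPLE_LOG)` yields a single report for 198.51.100.7 tagged with the service name; the two-port source 203.0.113.9 stays below the threshold.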



    This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 09:01:28 PST