North American Network Operators Group
Re: GRC rides again...
- From: auto261850
- Date: Mon Jul 02 14:14:25 2001
Damn I wanted to leave this alone. I really tried. But then I read his
Another frickin' internet victim. Everybody did it to me. It wasn't my
He could have stopped this at anytime. It really wouldn't have taken much.
Now a talk about our friend at GRC...
Using Windows for a security solution is bad enough. He left ports open
on his PCs. Could have easily been stopped by the proper configuration.
NSA has a pretty good guide for this.
He left ports open on his firewall. Or did he. Not much mentioned here
Ping and traceroute to his servers. From all the wonderful external addresses
on the internet. Hello... Hello... Is anybody home here?
Internet Security is just like car theft. At the end of the day the tow
truck drives away with the alarm wailing away, the club on the steering
wheel, stereo faceplate in the house, video camera running, Clifford alarm
system engaged, kill switch deployed, and big dog in the yard.
Gotta put security at all levels. Take care of those Windows boxes up front.
The registry can be modified to stop ports, if the sockets list doesn't
If you got a firewall, employ it correctly. You need more than one layer
of protection here. PC based firewalls are handy but they are the VERY
last line of defense. A little NAT would have been pretty handy here also.
Then... After you get all that done, figure out exactly what you want to
do on and around the Internet.
At this point, once you are sure, call your friendly operator...
He should have told Verio up front I need the following: FTP, HTTP, etc...
and then said block everything else to my network. If he had done that,
Verio being a customer oriented solution provider would have done so. Anybody
would have. Money revolves around the idea of providing what the customer
Oh yeah... and when you finish. Test your solution... Know your risks
and how you intend to deal with them... then test periodically.
A little definition for the three kinds of hackers...
1) script kiddies... this is where most of these guys start off at.
2) copycats... They chunk code at this level. A little here and a little
3) Architect... Don't worry, you won't see it coming and better yet if you
do you'll wish you hadn't. If a hacker gets to this level they normally
hate levels one and two. They usually end up pushing Level one and two
to the fine law enforcement people.
The steps listed above will stop level one and level two hackers. Level
three if he is sloppy.
Note to Mr. Gibson...
ISPs are not here to be mommy and daddy. Do your part then call to see
what else is available but don't be an amateur and think someone else should
solve your problem....
At Mon, 2 Jul 2001 17:16:39 +0100, "David Howe" <DaveHowe@gmx.co.uk> wrote:
>> The GRC page talks about his dos attack, and he also rants about the
>> "dangers" of the IP stack in XP, but his dos attack didn't come from
>> sending spoofed packets, so source address filtering wouldn't have
>> this case. GRC complaining about the spoofed packet problem should
>> separate rant on his website (who knows...it probably is!).
>I suspect that there were two attacks - because a few days after he
>smug "I blocked all the compromised machines at the ISP and didn't even
>notice later attacks" on his site, he posted a hands-up "I surrender,
>win" - and started ranting about the dangers of XP. The reaction is
>what I would expect if his smug "I beat the haxors" page annoyed someone
>enough that he *did* launch a spoofed attack, and one with a sufficient
>variety of source IPs that there was no blocking it.