Damn I wanted to leave this alone. I really tried. But then I read his website... Another frickin' internet victim. Everybody did it to me. It wasn't my fault... He could have stopped this at any time. It really wouldn't have taken much.

Now a talk about our friend at GRC...

Using Windows for a security solution is bad enough. He left ports open on his PCs. Could have easily been stopped by the proper configuration. NSA has a pretty good guide for this. He left ports open on his firewall. Or did he? Not much mentioned here about firewalls. Ping and traceroute to his servers. From all the wonderful external addresses on the internet. Hello... Hello... Is anybody home here?

Internet Security is just like car theft. At the end of the day the tow truck drives away with the alarm wailing away, the club on the steering wheel, stereo faceplate in the house, video camera running, Clifford alarm system engaged, kill switch deployed, and big dog in the yard.

Gotta put security at all levels. Take care of those Windows boxes up front. The registry can be modified to stop ports, if the sockets list doesn't work. If you got a firewall, employ it correctly. You need more than one layer of protection here. PC based firewalls are handy but they are the VERY last line of defense. A little NAT would have been pretty handy here also.

Then... After you get all that done, figure out exactly what you want to do on and around the Internet. At this point, once you are sure, call your friendly operator... He should have told Verio up front I need the following: FTP, HTTP, etc... and then said block everything else to my network. If he had done that, Verio being a customer oriented solution provider would have done so. Anybody would have. Money revolves around the idea of providing what the customer wants.

Oh yeah... and when you finish. Test your solution... Know your risks and how you intend to deal with them... then test periodically.

A little definition for the three kinds of hackers...

1) script kiddies... this is where most of these guys start off at.
2) copycats... They chunk code at this level. A little here and a little there.
3) Architect... Don't worry, you won't see it coming and better yet if you do you'll wish you hadn't. If a hacker gets to this level they normally hate levels one and two. They usually end up pushing Level one and two to the fine law enforcement people.

The steps listed above will stop level one and level two hackers. Level three if he is sloppy.

Note to Mr. Gibson... ISPs are not here to be mommy and daddy. Do your part then call to see what else is available but don't be an amateur and think someone else should solve your problem....

Mitch

At Mon, 2 Jul 2001 17:16:39 +0100, "David Howe" <DaveHowe@gmx.co.uk> wrote:
The GRC page talks about his DoS attack, and he also rants about the "dangers" of the IP stack in XP, but his DoS attack didn't come from sources sending spoofed packets, so source address filtering wouldn't have helped in this case. GRC complaining about the spoofed packet problem should be a separate rant on his website (who knows...it probably is!). I suspect that there were two attacks - because a few days after he posted a smug "I blocked all the compromised machines at the ISP and didn't even notice later attacks" on his site, he posted a hands-up "I surrender, you win" - and started ranting about the dangers of XP. The reaction is about what I would expect if his smug "I beat the haxors" page annoyed someone enough that he *did* launch a spoofed attack, and one with a sufficient variety of source IPs that there was no blocking it.