RE: Government scrutiny is headed our way
I have never heard of either of these things, and I don't think they are worthy of the NANOG list. I use WinGate at home, it is a Win95 gateway program, so you can have a little proxy at home for your other systems with only one dialup. I'm sure many of you are familiar with it. I can't even imagine how it could generate spoofed packets in its legitimate form (and I don't know of anyone who has modified it to do so). Go to Yahoo or win95.com and look up Wingate for more info. As far as I remember the reason SMURFING is called SMURFING is because the executable is called smurf! How would you "ban that code"? Ban a commercially viable product?
The system.exe file? What is that? I have not heard of that either, I assume you are talking about win95 still. Maybe you mean system.dat (system registry)? The registry cannot be modified to spoof packets my friend. Surely what you are talking about is not true. Neither of these claims is worth technical merit. I'll now go back to my normal lurking.
thanks
andrew
If we believe absurdities, we shall commit atrocities. - Voltaire
On Sunday, June 21, 1998 5:03 AM, Henry Linneweh [SMTP:linneweh@concentric.net] wrote:
Now that we have gotten down to the nitty gritty here.
AGAIN the main mechanism for spoofing the smurf attacks is A program called wingate, ban that code and this problem will be cut more than in half.
Next there is a rumor that 8000 users have been infected with a tweaked system.exe file that makes that user a smurf amplifier unwittingly. These are things to watch for. I wish there was an easier way to break bad news.
Henry
The danger with Wingate (unless they've fixed it recently, but even then there's plenty of old revs out there) is that it provides an anonymous jumping-point for a cracker to launch an attack.
Consider this example: "Joe DoS" dials into his local ISP, maybe even with a legit account. He runs strobe or some other port scanner against another randomly chosen ISP's netblock that they use for dialup looking for an open port 23. He finds one. It says "Hi, I'm a crappy wingate telnet proxy". Our cracker friend can then telnet there and from the wingate proxy go to any number of his hijacked shell accounts to start running smurf. If anyone wants to track *him* down, they're pretty much out of luck. No one to prosecute. Wingate *does not* log these connections.
The problem with Wingate is that it shipped (ships?) with the telnet proxy wide open to the outside world. This is a very popular means for people without scruples to anonymize their connections to the machines from which they do their damage. To the admin of the machine on which the smurf attack is running it appears the rogue user is coming from the dialup ip of the wingate user. How can you prosecute a smurf attack if your attacker has absolute protection through anonymity?
Personally, I think the makers of Wingate should be strung up for having such a stupid default behaviour in a product like this, and they should have pulled it from the market and offered patches/instructions to stop this behaviour as soon as they were aware of the flaw. Instead, they sat on it for months...
Charles
~~~~~~~~~ ~~~~~~~~~~~
Charles Sprickman
Internet Channel
INCH System Administration Team
(212)243-5200
spork@inch.com access@inch.com
On Sun, 21 Jun 1998, Andrew Metcalf wrote:
Date: Sun, 21 Jun 1998 12:26:21 -0400
From: Andrew Metcalf <prelude@mindspring.com>
To: 'Henry Linneweh' <linneweh@concentric.net>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
Subject: RE: Government scrutiny is headed our way
I have never heard of either of these things, and I don't think they are worthy of the NANOG list. I use WinGate at home, it is a Win95 gateway program, so you can have a little proxy at home for your other systems with only one dialup. I'm sure many of you are familiar with it. I can't even imagine how it could generate spoofed packets in its legitimate form (and I don't know of anyone who has modified it to do so). Go to Yahoo or win95.com and look up Wingate for more info. As far as I remember the reason SMURFING is called SMURFING is because the executable is called smurf! How would you "ban that code"? Ban a commercially viable product?
The system.exe file? What is that? I have not heard of that either, I assume you are talking about win95 still. Maybe you mean system.dat (system registry)? The registry cannot be modified to spoof packets my friend. Surely what you are talking about is not true. Neither of these claims is worth technical merit. I'll now go back to my normal lurking.
thanks
andrew
If we believe absurdities, we shall commit atrocities. - Voltaire
On Sunday, June 21, 1998 5:03 AM, Henry Linneweh [SMTP:linneweh@concentric.net] wrote:
Now that we have gotten down to the nitty gritty here.
AGAIN the main mechanism for spoofing the smurf attacks is A program called wingate, ban that code and this problem will be cut more than in half.
Next there is a rumor that 8000 users have been infected with a tweaked system.exe file that makes that user a smurf amplifier unwittingly. These are things to watch for. I wish there was an easier way to break bad news.
Henry