GRC rides again...

auto261850 at hushmail.com
Mon Jul 2 16:25:09 UTC 2001


Damn I wanted to leave this alone.  I really tried.  But then I read his 
website...

Another frickin' internet victim.  Everybody did it to me.  It wasn't my 
fault...

He could have stopped this at any time.  It really wouldn't have taken much.

Now a talk about our friend at GRC...

Using Windows for a security solution is bad enough. He left ports open 
on his PCs.  Could have easily been stopped by the proper configuration. 
NSA has a pretty good guide for this.

He left ports open on his firewall.  Or did he?  Not much mentioned here 
about firewalls.

Ping and traceroute to his servers. From all the wonderful external addresses 
on the internet. Hello...  Hello...  Is anybody home here?

Internet security is just like car theft.  At the end of the day the tow 
truck drives away with the alarm wailing away, the Club on the steering 
wheel, stereo faceplate in the house, video camera running, Clifford alarm 
system engaged, kill switch deployed, and big dog in the yard.

Gotta put security at all levels.  Take care of those Windows boxes up front. 
The registry can be modified to stop ports, if the sockets list doesn't 
work.

If you got a firewall, employ it correctly.  You need more than one layer 
of protection here.  PC based firewalls are handy but they are the VERY 
last line of defense.  A little NAT would have been pretty handy here also.

Then... After you get all that done, figure out exactly what you want to 
do on and around the Internet.

At this point, once you are sure, call your friendly operator...

He should have told Verio up front "I need the following: FTP, HTTP, etc..." 
and then said "block everything else to my network."  If he had done that, 
Verio, being a customer oriented solution provider, would have done so. Anybody 
would have.  Money revolves around the idea of providing what the customer 
wants.

Oh yeah... and when you finish, test your solution...  Know your risks 
and how you intend to deal with them... then test periodically.
A little definition for the three kinds of hackers...

1) Script kiddies... this is where most of these guys start off.
2) Copycats... They chunk code at this level. A little here and a little 
there.
3) Architect... Don't worry, you won't see it coming and better yet if you 
do you'll wish you hadn't. If a hacker gets to this level they normally 
hate levels one and two.  They usually end up pushing level one and two 
to the fine law enforcement people.

The steps listed above will stop level one and level two hackers.  Level 
three if he is sloppy.

Note to Mr. Gibson...
ISPs are not here to be mommy and daddy. Do your part, then call to see 
what else is available, but don't be an amateur and think someone else should 
solve your problem....

Mitch

At Mon, 2 Jul 2001 17:16:39 +0100, "David Howe" <DaveHowe at gmx.co.uk> wrote:

>> The GRC page talks about his dos attack, and he also rants about the
>> "dangers" of the IP stack in XP, but his dos attack didn't come from
>> sources sending spoofed packets, so source address filtering wouldn't
>> have helped in this case.  GRC complaining about the spoofed packet
>> problem should be a separate rant on his website (who knows...it
>> probably is!).
>I suspect that there were two attacks - because a few days after he
>posted a smug "I blocked all the compromised machines at the ISP and
>didn't even notice later attacks" on his site, he posted a hands-up "I
>surrender, you win" - and started ranting about the dangers of XP. The
>reaction is about what I would expect if his smug "I beat the haxors"
>page annoyed someone enough that he *did* launch a spoofed attack, and
>one with a sufficient variety of source IPs that there was no blocking
>it.
Free, encrypted, secure Web-based email at www.hushmail.com
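The advice in the post above (hand the provider an explicit list of services, have everything else blocked upstream, then test the result) modelled as an added Python example; this is not code from the post, from GRC or from Verio. The customer prefix, server addresses and probe list are constructed assumptions, and the "established" rule is the stateless approximation an upstream ACL of that era would use.

```python
import ipaddress
from dataclasses import dataclass

# Constructed customer block (RFC 5737 documentation prefix), not GRC's.
CUSTOMER_NET = ipaddress.ip_network("203.0.113.0/24")
SERVERS = {"203.0.113.10"}  # host that actually offers FTP and HTTP (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    dport: int = 0     # 0 for icmp
    syn: bool = False  # True for a TCP connection-opening segment

# What the customer told the provider to permit; everything else is blocked.
ALLOW = [("tcp", 21, SERVERS), ("tcp", 80, SERVERS)]  # FTP control, HTTP

def default_deny(pkt: Packet) -> bool:
    """Stateless upstream ingress ACL. Returns True if the packet may enter."""
    if ipaddress.ip_address(pkt.dst) not in CUSTOMER_NET:
        return True   # not addressed to this block; not this filter's job
    if ipaddress.ip_address(pkt.src) in CUSTOMER_NET:
        return False  # our own prefix arriving from the outside is spoofed
    if pkt.proto == "tcp" and not pkt.syn:
        return True   # 2001-style "established": replies to sessions we opened
    for proto, port, hosts in ALLOW:
        if (pkt.proto, pkt.dport) == (proto, port) and pkt.dst in hosts:
            return True
    return False      # default deny: ping, unlisted ports, unlisted hosts

def permit_all(pkt: Packet) -> bool:
    """Baseline with no provider filtering at all."""
    return True

# Constructed probe list for the "test your solution" step: (packet, should_pass)
PROBES = [
    (Packet("198.51.100.7", "203.0.113.10", "tcp", 80, syn=True), True),    # web
    (Packet("198.51.100.7", "203.0.113.10", "tcp", 21, syn=True), True),    # ftp
    (Packet("198.51.100.7", "203.0.113.10", "icmp"), False),                # ping
    (Packet("198.51.100.7", "203.0.113.20", "tcp", 80, syn=True), False),   # wrong host
    (Packet("198.51.100.7", "203.0.113.10", "tcp", 135, syn=True), False),  # RPC
    (Packet("203.0.113.99", "203.0.113.10", "tcp", 80, syn=True), False),   # spoofed src
]

def audit(policy, probes=PROBES) -> list:
    """Return probes the policy let through although they should have been blocked."""
    return [p for p, should_pass in probes if policy(p) and not should_pass]
```

Run `audit(default_deny)` after every change to the allow list; an empty result is the "test periodically" check passing, while `audit(permit_all)` shows what an unfiltered link leaks.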


More information about the NANOG mailing list