November 27th, 2001, 02:00 PM #1
Steve Gibson creates a DoS tool by mistake
I'm surprised we're giving credence to this story by providing a link to it. Have you read it? The author sounds like a bitter little child with a chip on his shoulder.
And his whole premise is simply ludicrous, how can one machine perform anything approaching the level of a DoS attack against any other one machine? That's just stupid from the get go. It'd eat up it's own bandwidth as well. You need an army of machines to perform a DoS attack.
If anyone here even bothers to read this "story", then I'd suggest you do what I did, which is send the author an email and let him know that his style of writing makes him sound like an ignorant, childish, petty ass.
November 27th, 2001, 02:06 PM #2
- Join Date
- Sep 2001
That's why I posted it .. Gibson's utilities are very helpful - just about everything that's helpful can be misused, but that doesn't mean we should do away with those things or condemn them as "bad".
November 27th, 2001, 02:22 PM #3
- Join Date
- Oct 2001
I don't get what this guy is complaining about. There are hundreds of tools out there that were designed with malicious intent. They allow even little children to carry out DoS attacks with the click of a button.
Yet he wastes all his mental faculties (or lack thereof) to have a weak go at someone who is making an effort to increase security awareness and understanding amongst computer users.
So what if one of Steve Gibson's apps can be used to do harm? My car can be used to harm, or my fist or my steak knife, or even my first aid kit case...
If I were as courageous as OuT I would write this guy too, but I don't want my name popping up somewhere without my knowledge
November 27th, 2001, 03:13 PM #4
This same thing was posted to Bugtraq and it was basically decided that it was because of Steve Gibson's recent rants on DDOS/bot that this article is actually even being paid attention to...
November 27th, 2001, 03:34 PM #5
I only have four words for that:
Way to go Steve!!!!!
Again, like Steve has said for a LONG time, the IP protocol and windows are too easlily manipulated to perform these DoS attacks!!
I wonder if I can try this myself?
I'll have to see if I can kill my home machine sometime?!
Sounds like fun
I wonder if you can do this with any OS, or just XP?
also note the refference in the story to black hat?
This is not something that your good sameritan TechIMO person would do to any web site, at least not intentionaly
November 27th, 2001, 05:35 PM #6
I went to their site and check it out. Go to the FAQ section and read the "interview" that they have posted there. You can tell it is a hackers site that is just trying to flame GRC.com
November 27th, 2001, 07:20 PM #7
Been reading steve's place since I got online - Very good info and tools - however - he has had trolls in the woods for quite a while - read some posts from about six months ago and a flame war was getting started -
IMHO - wizofid
November 27th, 2001, 08:52 PM #8
This is just silly. However powerful Steve Gibson's servers are, there's no way that, even if they directed their full power against another server, they could bring it down.
After all, if a server has blocked its ports - and if it hasn't, there's no need to go for a DOS attack when an intrusion is possible - then the probing computer is going to spend its whole time waiting for packets that aren't returned.
What constitutes a DDOS attack is that thousands of computers mount a concerted attack on a server. If the attack is channeled through a single point (i.e. grc.com), it ceases to be *D*DOS.
Anyway, all Steve Gibson needs to do is prevent his servers from testing a particular IP address more than once at a time. I bet he already does, come to think of it.
November 27th, 2001, 11:06 PM #9
I think it's funny.
Mostly because Steve Gibson knows just enough to BS the majority and little enough to be kind of dangerous.
Personally, I find Steve Gibson to be a whiner with no common sense. He has dealt himself a better blow than MS could have, especially since he was discrediting MS for being vulnerable...and then his own stupidity allows this from his own apps while he criticizes others....just one of lifes little ironiesBBA
November 27th, 2001, 11:26 PM #10
I hope he looks into this
I have used his web tests for about 4 years myself
November 27th, 2001, 11:32 PM #11
I agree, BBA -- Gibson, AFAIK, makes a living w/his website & tools, and hence has become a salesman -- perhaps a bit overzealously. However, the above website's point is silly 'cause I could set up a .bat file loop to continuously "ping" a website & that would be a (rather lame) DoS attack.
November 28th, 2001, 01:21 PM #12
Here is the responce I recieved from Gibson Research!!
Thank you for your note about Magni's posting to the BugTraq mailing list
which was picked up on the SecurityFocus site and then in an article by THE
REGISTER's Thomas C. Greene.
Fortunately, Magni's report had a number of significant factual errors that
led him to several mistaken conclusions. Unfortunately, neither
SecurityFocus nor THE REGISTER performed any fact checking of the BugTraq
posting, so they perpetuated the original mistakes to their readerships.
It is true that the IP Agent, optionally used with ShieldsUP!, can be
deliberately abused and used to direct ShieldsUP! to scan a third-party
machine. This has been public knowledge since the inception of ShieldsUP!
more than two years ago . . . it is not news.
Please scroll halfway down the following page on the ShieldsUP! site to see
our public note dated 10/28/99 discussing this known vulnerability
That note refers to a second-generation technology that would authenticate
the user's IP by establishing a connection to their machine. That
technology has been completely developed and is currently running in our
labs. It is discussed in detail here <http://grc.com/np/rsvptech.htm>.
Please make note of the first several paragraphs of the RSVP page where we
explain the reasoning behind the development of the RSVP technology and
explain the nature of the exploit against ShieldsUP!
The RSVP technology will be released as part of the second-generation
NanoProbe testing suite described on this page <http://grc.com/np/np-menu.htm>.
With the release of the second-generation NanoProbe system, the
vulnerabilities which have always been present in our IP Agent will be
But, in the meantime . . .
A ShieldsUP! Port Probe test sends at most ten sets of 40-byte TCP "SYN"
packets to each of ten standard ports. So that's a maximum of 4,000 bytes
sent to the client being tested for a single port probe. Since even a
single web page GIF or JPG image is usually much larger than 4,000 bytes,
and most web page's HTML is substantially longer, much less bandwidth is
consumed by ShieldsUP!'s Port Probe than when displaying even a portion of
a single web page.
These packets are also sent out in sets of ten 40-byte packets spaced apart
by one-second intervals. So the maximum possible data rate from ShieldsUP!
is 400 bytes per second (hardly a denial of service attack).
Also, it is not possible to "overlap" ShieldsUP! Port Probes to a single IP
address. You can demonstrate this for yourself by opening two web browser
windows side by side and attempting to perform a port probe from both web
browser windows at nearly the same time. The second probe will simply be
denied and can not be started until the first one completes.
This overlap prevention is enforced by our servers and NOTHING the client,
or any sort of fancy scripting, might do can overcome or circumvent this
"one test at a time per customer" testing serialization.
In other words, it is COMPLETELY IMPOSSIBLE to use the ShieldsUP! system to
launch any sort of denial of service attack against anyone. It's simply
Thank you for your time and patience.
(ps, I asked permission before I posted this message)
Kinda answers the question, its known, and the first articel was a lot of hype!!
November 28th, 2001, 09:10 PM #13
- Join Date
- Oct 2001
Anybody that can write entire apps in Assembly certainly isn't somebody I'd question their intelliegence.
Ever tried it? UGLY! lol
I've done some SAL but thats about it, and very little (SAL is the "easiest" of the 3 that I know of SAL/MAL/TAL)
TAL being the True Assembly language...
I have nothing against GRC, and they do have some good apps, and he does seem to actually try to shove some of the sh** into peoples faces showing them they have a problem with their applications.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)