One of the ways Trojans can avoid software firewalls like ZA is to install themselves as browser extensions, in which case you have already given them permission to pass the firewall.
chuck
Security is a multi-pronged approach (why do you think they call the auth Kerberos?). Secure systems aren't connected to external networks and they don't allow loading of unverified SW (say through a floppy). I've got my browser and mail trimmed way down as far as Java, scripting, ActiveX, etc. I always check certs, though that still isn't a guarantee if the cert authority issued a bogus cert. You take your chances when you network and all you can do is minimize the intrusions and compromises to your data and SW. You can minimize your exposure if you're concerned about keeping your data private: Simply keep this data on removable media and only load the media while you're disconnected from the network.
The world just changed, Sep. 11, 2001
I haven't got the hang of quotes yet, so these are from FDS unless otherwise stated.
> There's only so much you can achieve with a one-way communication where you won't be receiving any reply back.
What about SYN Flood attacks? They depend on a spoofed IP address and can be a far bigger pita than an ICMP flood.
> Now tell me, what difference would it have made for the attack on Steve if the addresses were spoofed? (And you will never know if they weren't actually spoofed already.)
Because Steve's ISP would have to block all incoming traffic rather than traffic from specific IP addresses - effectively doing the job of the DDoS attack for them.
> The one initiating the attack does not care the least about the infected machines exposing their real IPs.
But surely the cracker would far rather have his victims scurrying around in confusion for ages trying to work out where the attacks are coming from than the infected machines being located and blocked or cleaned? Plus the faster the compromised machines are found, the faster someone can start looking for the person who infected them.
> > Originally posted by RichL:
> > Apparently Win 9x and NT have had the required raw sockets support for years, but only if you install the SDK, which 99% of Joe Average PC users don't.
>
> That's simply untrue (requiring the SDK on target PCs).
Is it? I'm not a programmer, but I do know that a year or so ago I looked quite hard for a way to spoof IP addresses from a Windows 9x machine - to see if it could be done against me rather than for my own use I must add - and I could only find reference to Unix/Linux systems.
Maybe raw sockets can be enabled on Win9x/NT machines, but as far as I'm aware, it isn't part of the out of the box TCP/IP stack, and you need extra/3rd party software.
> a) they are continually working towards getting trojans on the systems of inexperienced users as hard as possible
Uh, that was a typo, right? Then again, this is Micro$oft we're talking about..
> Unwittingly getting a trojan on their system is the problem. Not what you can achieve in DDOS attacks with them.
Agreed, but that's rather like saying "There's a big hole in my floor, but it's okay as long as I remember not to fall into it."
Why give Win XP raw sockets capability when this isn't a necessary function for most users, yet can be used to carry out DDoS attacks more effectively?
[This message has been edited by RichL (edited 14 June 2001).]
Athlon XP-64/3200, 1gb PC3200, 512mb Radeon X1950Pro AGP, Dell 2005fwp, Logitech G5, IBM model M.
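The disagreement above about whether spoofing matters can be put in numbers. This is an added illustration, not code from the thread or from any poster: it builds two constructed traces of SYN-only (half-open) connection attempts, one from a fixed set of compromised hosts using their real addresses and one where every packet forges a random source, and measures how much of each flood a blocklist of the top-N noisiest sources would actually stop. The bot addresses are made up from the RFC 5737 documentation range.

```python
"""Why per-source blocking works against an honest-source flood but not a spoofed one.

Added example for this thread. The traces are synthetic: no capture data,
no real hosts, just two ways a SYN flood can look to the target's ISP.
"""
from collections import Counter
import random


def synthetic_syn_trace(n_packets, spoofed, seed=1):
    """Return a list of source-IP strings, one per SYN-only packet.

    spoofed=False: traffic comes from 20 fixed (constructed) bot addresses.
    spoofed=True:  every packet carries a freshly forged random source.
    """
    rng = random.Random(seed)
    bots = [f"198.51.100.{i}" for i in range(1, 21)]   # constructed, RFC 5737 range
    trace = []
    for _ in range(n_packets):
        if spoofed:
            trace.append(f"{rng.randrange(1, 224)}.{rng.randrange(256)}."
                         f"{rng.randrange(256)}.{rng.randrange(1, 255)}")
        else:
            trace.append(rng.choice(bots))
    return trace


def distinct_sources(trace):
    """How many different source addresses appear in the trace."""
    return len(set(trace))


def blocklist_coverage(trace, top_n):
    """Fraction of the flood removed by blocking the top_n noisiest sources."""
    counts = Counter(trace)
    blocked = sum(c for _, c in counts.most_common(top_n))
    return blocked / len(trace)


if __name__ == "__main__":
    for spoofed in (False, True):
        t = synthetic_syn_trace(10_000, spoofed)
        print(f"spoofed={spoofed}: {distinct_sources(t):5d} distinct sources, "
              f"blocking the top 20 stops {blocklist_coverage(t, 20):.1%} of SYNs")
```

With real addresses the whole flood disappears behind 20 filter entries; with forged addresses the same blocklist catches almost nothing, which is the "block everything or nothing" situation RichL describes.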
I think this thread is one of the things Gibson had in mind when he wrote that article... people talking/ranting/disagreeing... whatever about the need to firstly, protect your comp from the outside and secondly, stop unwanted connections being made from inside your comp.
I use a Netgear RT314 4 port router that takes care of the first and Zone Alarm that takes care of the second. These certainly aren't the only solutions and not necessarily the best but they work for me.
I don't care what anyone thinks of Gibson or his feelings about XP, my point is that you have to protect your own comp 'cause your ISP isn't going to do it for you.