Re: Review: Steve Gibson's GENESIS

From: Genesis Flaw (genesis_flaw@netzero.net)
Date: 03/08/02


From: "Genesis Flaw" <genesis_flaw@netzero.net>
Date: Fri, 8 Mar 2002 19:51:16 +0000 (UTC)


[Day 12 and counting .. no fix to Steve Gibson's GENESIS pages]

Sam Schinke wrote:
...
> > Notice the lack of support you find here in public
> > forums where people are generally knowledgeable about the subjects we
> > are discussing.
>
> I also find it difficult to conclude much from that. There are enough strong
> anti-gibson trolls out and about (such as Greg Hennesey) to make any
> ventures out into the public newsgroups unpleasant for anyone who expresses
> any support for GRC. Frankly, I prefer to express my support in arenas where
> baseless trolling and character attacks of the sort I have been subjected to
> here are rallied against by the "locals" (so to speak).

The people here are not anti-Gibson trolls.
They may be anti-Gibson, but that is almost certainly a position Steve
has earned. To criticise Gibson is not trolling if you can back it up.

As for character attacks on you, you must understand how people question
your motives when you demand Gibson be treated more fairly than he treats
others.

(This is largely off topic for these newsgroups)

> Am I to conclude from the silence of the group on the subject of Greg's
> trolling that he has the support of the group? I don't think I should have
> to come to any such conclusion.

Fine, but don't ask for a vote.
 
...
> > I have been academic on the research work as it demands.
> > I have not been snooty.
>
> Indeed. As I have said, your review, by and large, has been excellent in its
> technical aspects.

And it has achieved no result - Greene's approach is winning.
Great motivation for treating Gibson fairly.
 
> > Leaving up falsehoods is not a "good" way to react!
>
> Labelling it "falsehood" implies an intent to deceive. By that standard any
> page that is obsolete due to the writer having moved on (or for just about
> any purpose) is a falsehood. I will agree that there are parts of the pages
> that are "false" (namely that GENESIS is "unique"), but not that the pages
> are "falsehoods"

No, the word "falsehood" does not imply an intent to deceive.
That's the word "lie".

> I will agree though, that leaving up an obsolete or technically flawed
> explanation of a technology is not a "good" thing to do (to use neutral
> terms for the same thing).

Day 12 of Steve Gibson doing a not good thing.
 
> > I want to know the path to a resolution on this.
>
> I would say the "path" at this point is to sit and wait.

Yes, Steve Gibson plans to wait until fewer people are looking and then
retreat from his false statements. Better than nothing, but this is the
fuel that fires anti-Gibson sentiment. He earns his criticism well.
It's not from ruffled feathers. It's not from jealousy. It's not from
people feeling grumpy. It's earned.

He's letting his fear of public perception steer him,
not a faithfulness to the truth.

> I don't think I am any special conduit. Try revising your review in light of
> what we've discussed and reposting it. Try sending it to one of GRC's public
> email addresses. Who knows.

If you're not a mediator, you're not qualified to offer settlements.
As for revising my review, the ball is squarely in Gibson's court.
Steve has a continuing obligation to correct the misinformation he's posting.
He's stalling.
He admits it.
I'm happy to review new material.

<<<<<<<<<<<<<<<<<<<<< from the Part 2 thread >>>>>>>>>>>>>>>>>>>>>
> > The fact it isn't a problem in SYN cookies is a good reason to
> > drop GENESIS altogether. It has no redeeming features.
>
> It may be easier to re-code GENESIS to address these issues rather than
> re-start with creating a SYNcookies implementation for windows. I'm not
> sure.

I'm sure it's not.
SYN cookies don't need "porting".
They just need a cut and paste into whatever TCP code you're using.
It is written in C.

GENESIS is written in assembler.

> The "redeeming" features of GENESIS at this point (when compared to
> SYNcookies) are that Steve Gibson has the code for his implementation
> available for windows.

See my points above.
GENESIS is not redeemed.
Also, GRC hasn't given out anything but the old broken design.
Gibson has been asked for the source and he hasn't done it (from what I know).
 
> > http://grc.com/r&d/nomoredos2.htm
>
> It says specifically "(of the SYN & ACK spoofed IP flooding varieties)".
> Spoofed is the word you seem to be missing. It does prevent or at least
> render extremely impractical any spoofed SYN or ACK flooding.

On the subject of ACK flooding, I realized that I conceded my point
too quickly before. Originally, I claimed GENESIS had a weakness in that
you could prepare valid-looking ACK packets on your own GENESIS system and
then fire them successfully at the victim's server. You responded quite
appropriately that, without knowing the cipher key for the RC5 encryption,
this couldn't be done.

What I will add here is that if you can figure out the cipher key, then
you can use this attack successfully. Impossible, you say? Maybe not.
What if Steve Gibson wasn't very good at making a pseudo-random number
generator and the cipher keys were guessable? Then you've succeeded.
And after all, you've got a lot of time to guess the cipher key.
You have until the system needs rebooting.

Oh, that's not too long ;) (throwing a bone to the UNIX folks :)
But seriously, you have hours or days and, if you succeed, the only
recourse is to reboot the GENESIS server and wait for the key to be
guessed again.

Can this be mitigated?
Of course.
But again, let's be clear.
I'm identifying a potential weakness in the public GENESIS.
The only GENESIS Steve Gibson has shown the world.

> [...]
> > > Mitigated, or prevented by external hardware, whereas doing such to a
> > > spoofed syn flood is impractical.
> >
> > Oh God. Don't mention external hardware as a solution.
> > I could be wrong, but I don't think ICSA would certify
> > a (software-based) firewall that required external hardware.
>
> I wasn't aware that ICSA certified against flooding.

No, I meant that, from my understanding, ICSA says it won't
certify a software firewall that requires external hardware
such as what (I thought) you were suggesting.

-- 
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
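
The post says the guessable-key weakness can be mitigated but does not say how. The sketch below is an added example, not part of the original post and not GENESIS or SYN cookies code: it assumes a stateless cookie built with HMAC-SHA256 (swapped in for the RC5 encryption mentioned above), keys drawn from the OS CSPRNG, and timed key rotation so that a key's lifetime is bounded by the rotation interval rather than by the next reboot. The class name, the 64-second interval and the sample connection are hypothetical.

```python
import hashlib
import hmac
import secrets

ROTATE_SECONDS = 64  # assumed rotation interval
TAG_BYTES = 4        # 32 bits, the size of a TCP sequence number


class CookieServer:
    """Hypothetical stateless-cookie issuer; not GENESIS or SYN cookies code."""

    def __init__(self):
        self._keys = {}  # epoch number -> 32-byte key

    def _rotate(self, now):
        """Ensure the current epoch has a key; forget all but the previous one."""
        epoch = int(now) // ROTATE_SECONDS
        if epoch not in self._keys:
            # OS CSPRNG, never a home-made or clock-seeded generator.
            self._keys[epoch] = secrets.token_bytes(32)
            for old in [e for e in self._keys if e < epoch - 1]:
                del self._keys[old]
        return epoch

    @staticmethod
    def _tag(key, conn):
        # conn = (src_ip, src_port, dst_ip, dst_port, client_isn)
        msg = "|".join(str(field) for field in conn).encode()
        return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]

    def issue(self, conn, now):
        """Cookie sent in the SYN/ACK; no per-connection state is stored."""
        epoch = self._rotate(now)
        return self._tag(self._keys[epoch], conn)

    def verify(self, conn, cookie, now):
        """Accept the returning ACK only under the current or previous key."""
        epoch = self._rotate(now)
        for e in (epoch, epoch - 1):
            key = self._keys.get(e)
            if key and hmac.compare_digest(self._tag(key, conn), cookie):
                return True
        return False


# Constructed sample connection (documentation address ranges).
SAMPLE_CONN = ("192.0.2.10", 40000, "198.51.100.5", 80, 123456789)
```

A cookie issued under one key stops validating two rotation intervals later, so a recovered key is only useful for that window.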

