Re: Zombie spamming from my PC, Symantec/Spybot, nothing detects it!

From: Gerald Vogt (
Date: 02/16/05

Date: Thu, 17 Feb 2005 00:11:34 +0900

Arthur Hagen wrote:
> Gerald Vogt <> wrote:
> *Again* you're making an assumption that I never made, in that the packet
> has to reach a listening service on a different interface. That's not
> true -- if that's the only scenario you can think of, your vision is
> limited.

Again, you are not describing a possible exploit nor tell a name of an
existing one. It does not help that you claim that I cannot think of an
other scenario while you just refuse to describe it. If you can think of
something else, just describe it.

>>(We are not talking about potential flaws in the IP
>>stack which are there regardless of any service.)
> Why are we not talking about that? You're changing the rules of the game,
> and I ain't playing.

No, I am not. You are changing the rules that you self set before. You
wrote: "The instant you are without a firewall, you're vulnerable,". We
are talking about vulerablities that are related to whether or not the
firewall is running.

We are_not_ talking about vulnerabilities that may be there but are
independent from this. If the IP stack is vulnerable then the firewall
does not matter. The problem of IP stack attacks have nothing to do with
firewall related issues. Your vision is limited if you cannot only see
both mingled and do not understand that they are conceptionally
different and thus are discussed differently. And anyway, you started
this discussion with your hypothesis that you are without a firewall you
are vulnerable. IP stack issues are not the subject. You added them when
I pointed out that this hypothesis obviously not correct. You wrote
"There's some exploits that attack the TCP/IP stack itself, as well as
some services that always run." and you don't tell which one it is. It
needs an exploit that attacks the TCP/IP stack and then exploits a
services. Again, no mentioning of yours about exploiting a vulnerabily
of the stack but just writing "attack" which is something different than

Last but not least you write "None, because the false assumption that
you need to send a packet to *some* interface is yours, and not mine."
changing completely the subject as we don't seem to talk about network
related attacks or exploits anymore. We were talking about networks and
firewalls in particular. In this discussion, bugs in Outlook Express
when rendering an email are irrelevant because they are again completely
independent from the original discussion. And as we are talking about
networks your statement just does not make any sense, because at the end
of the network cable there is an interface. If not, it is an open end
and that is really useless...

So why do you not just keep to the subject. To me it seems as if you are
talking about something completely different each time your write,
taking into considerations things that we are not talking about and
which you don't even specifically mention. This way, no argument is
possible because there is always somewhere else something different
which you may have in mind but you don't even bother writing it
specificially and instead just expect other people to guess what ever on
earth you are talking about.

So, unless you get more specific and describe exactly what you are
talking about and how it is related with the original subject exactly
(not just "it's an exploit" or "it's is software") I don't see any
reason to continue this discussion because of lack of suitable argument
on your side.