Re: Zombie spamming from my PC, Symantec/Spybot, nothing detects it!

From: Gerald Vogt (vogt_at_spamcop.net)
Date: 02/16/05


Date: Thu, 17 Feb 2005 00:11:34 +0900

Arthur Hagen wrote:
> Gerald Vogt <vogt@spamcop.net> wrote:
> *Again* you're making an assumption that I never made, in that the packet
> has to reach a listening service on a different interface. That's not
> true -- if that's the only scenario you can think of, your vision is
> limited.

Again, you are not describing a possible exploit nor tell a name of an
existing one. It does not help that you claim that I cannot think of an
other scenario while you just refuse to describe it. If you can think of
something else, just describe it.

>>(We are not talking about potential flaws in the IP
>>stack which are there regardless of any service.)
>
> Why are we not talking about that? You're changing the rules of the game,
> and I ain't playing.

No, I am not. You are changing the rules that you self set before. You
wrote: "The instant you are without a firewall, you're vulnerable,". We
are talking about vulerablities that are related to whether or not the
firewall is running.

We are_not_ talking about vulnerabilities that may be there but are
independent from this. If the IP stack is vulnerable then the firewall
does not matter. The problem of IP stack attacks have nothing to do with
firewall related issues. Your vision is limited if you cannot only see
both mingled and do not understand that they are conceptionally
different and thus are discussed differently. And anyway, you started
this discussion with your hypothesis that you are without a firewall you
are vulnerable. IP stack issues are not the subject. You added them when
I pointed out that this hypothesis obviously not correct. You wrote
"There's some exploits that attack the TCP/IP stack itself, as well as
some services that always run." and you don't tell which one it is. It
needs an exploit that attacks the TCP/IP stack and then exploits a
services. Again, no mentioning of yours about exploiting a vulnerabily
of the stack but just writing "attack" which is something different than
exploit.

Last but not least you write "None, because the false assumption that
you need to send a packet to *some* interface is yours, and not mine."
changing completely the subject as we don't seem to talk about network
related attacks or exploits anymore. We were talking about networks and
firewalls in particular. In this discussion, bugs in Outlook Express
when rendering an email are irrelevant because they are again completely
independent from the original discussion. And as we are talking about
networks your statement just does not make any sense, because at the end
of the network cable there is an interface. If not, it is an open end
and that is really useless...

So why do you not just keep to the subject. To me it seems as if you are
talking about something completely different each time your write,
taking into considerations things that we are not talking about and
which you don't even specifically mention. This way, no argument is
possible because there is always somewhere else something different
which you may have in mind but you don't even bother writing it
specificially and instead just expect other people to guess what ever on
earth you are talking about.

So, unless you get more specific and describe exactly what you are
talking about and how it is related with the original subject exactly
(not just "it's an exploit" or "it's is software") I don't see any
reason to continue this discussion because of lack of suitable argument
on your side.

Gerald



Relevant Pages

  • RE: Vulnerability assessment for small business
    ... > Say the customer has a firewall...but they don't host any services. ... You might just concentrate in 2 points: the firewall and the workstations. ... The main vulnerabilities for workstations that you could test for are their ... similar technology is not quite effective against targeted attacks. ...
    (Pen-Test)
  • RE: [fw-wiz] CERT vulnerability note VU# 539363
    ... Attacks well known, yes. ... Mitigation methods amongst vendors, bleek. ... Interesting that for other, more damaging, vulnerabilities they don't ... In my opinion if a stateful firewall claims it can filter at rate X ...
    (Firewall-Wizards)
  • RE: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?
    ... Well, like almost any security vulnerability, attacks against it are ... where traffic doesn't pass through a firewall. ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: [fw-wiz] Application-level Attacks
    ... when attacks are shifting towards using the already open ports ... |>> on the firewall, at the application level, ... These scanners are very effective at finding ... > instances of the sorts of vulnerabilities that get CVE entries. ...
    (Firewall-Wizards)
  • CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
    ... Multiple vulnerabilities in stack smashing protection technologies. ... GNU gdb 19990928 ...
    (Bugtraq)