Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Malicious use of grc.com
From: "Aussie" <aussie () aussie mine nu>
Date: Wed, 28 Nov 2001 23:57:24 +1100
On 27 Nov 2001, at 12:40, Thor () HammerofGod com wrote:

<SNIPPED>

Some consider Magni's personal statement at the end of the advisory a
"rant."  That may be so, but it most certainly rings of truth.  I
won't make personal statements regarding Mr. Gibson, as I don't know
him.  However, I know what he has said:

"Port scans can not be spoofed Ben. They require an authentic IP else
the returning packet won't ever come back and report upon the port's
status. Furthermore, many other national ISP's and responsible
security testing services *ARE* excluding my IP ranges from their
reports"

and

"You, I, and our mutual customers all know that packets from GRC are
never attacks or intrusion attempts, so its deliberate generation of
such reports - -- which you have admitted, and we both know, could be
easily blocked -- is irresponsible and represents defective operation
from your product. Your utilities are broken since they are
deliberately reporting known non-attacks. "



Is it my ignorance, or does Gibson seem to not really understand that the 
port scans in question HAVE a valid IP...his systems and therefore are 
being returned, via his systems, to the attacker who has just effectively 
hidden his (her?) real IP by using Gibson's IP range instead. Is this not 
a form of spoofing?

Is Gibson suggesting that his unauthorised (by me) and unwanted (by me) 
checks of certain ports on MY system should not be defined by me as 
attacks or intrusion attempts? Further, by what right does Gibson 
determine that MY firewall/IDS is faulty because it deliberately 
generates reports to indicate that someone port scanned me without my 
authorisation? If someone scans the 10 ports or so that Gibson's Shield-
Up product scans, I like to think that I have every right to determine 
that the person has attacked and possibly attempted an intrusion on my 
private systems. Maybe I'm completely wrong, after all, IANAL.

To me, Gibson's response smells like "I can do what I want, if you don't 
like it, you're wrong".

Gnuthad

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]