DDoS attacks and Steve Gibson's grc.com

[Wayward Clam]

I'm gonna violate my tech-only posting sabbatical for this one, to point out something that nobody else has (verbally) realized yet:

There's no proof anywhere that this guy actually is 13. He could be 20, 30, 40, or 7. All we have is his own "word" and the word of another hacker that discussed him with Mr. Gibson. Now if it's dead easy for you or me to set up a fake internet personality, then how is that supposed to give your average hacker trouble doing it too?

(In fact, we have no proof of any of this stuff, we are all taking Mr. Gibson's word for it all anyways... Not saying I don't believe it myself, but you get the point)

[Cave_Dweller]

Here is the Technet article containing Microsoft's response to the claims that XP will make DDoS attacks easier:

http://www.microsoft.com/TechNet/sec...aw_sockets.asp
Titled "Hostile Code, not the Windows XP Socket Implementation, is the Real Security Threat"


I did a bit of testing, for what it's worth. I found that XP's "firewall" stood up to Symantec's test, all ports were reported as closed. However, the GRC leak test FAILED. Code running on the pc CAN contact the outside world, aparently unimpeded. That confirms what Steve is saying, there will be problems. The threat is coming from within the PC and unlike ZoneAlarm, XP's firewall, at least in beta2 is apparently unable to stop it.

I will not be uninstalling ZoneAlarm any time soon.

[SubZero]

I read the article posted on GRC, and That's what I figured. Windows was the problem. I've even tested some of the exploits against our network here at the office, just to see how we would handle if we were attacked. We failed on some respects, and we passed on others(I'm not going into detail on this as not to expose the network to any risk).

[DJSEARCHING]

Never the less,finger pointing on either side won't solve the problem.