[PLUG] This article attacks Linux security...

Jason Martin nsxfreddy at gmail.com
Mon Sep 25 16:54:38 UTC 2006


On 9/24/06, plug_0 at robinson-west.com <plug_0 at robinson-west.com> wrote:
> http://www.grc.com/dos/winxp.htm
>
> How do you audit what can be done with RAW sockets on a Linux/Unix system?

You don't, unless you use something like SELinux.

> How are raw sockets secured on current Linux systems?

By only allowing root to open them.  This is no different than
Windows, except that Windows users always run as Administrator.

Steve has been crying about raw sockets for years, and yet the
internet is still alive and well.  There are enough zombies out there
that anyone who wants to perform a DDoS attack can do it whether they
have raw socket access or not.  As DDoS turns into big business
(extortion) it would not take long for rootkits to include custom raw
socket code that hooks directly into NDIS, even if Microsoft didn't
provide full raw socket capabilities.  It is rather silly to assume
that Microsoft is responsible for all the DDoS zombies because of raw
sockets.  They are responsible for all the DDoS zombies because their
code keeps getting hacked and their security model has everyone using
their OS running as Administrator.

> With the Steve Gibson guy finding so many problems with Windows, why doesn't
> he get a clue and move to Linux or one of the BSDs?

Because he gets more fame and fortune for bashing the most widely deployed OS.

> Does anyone else think that $90 for SpinRite is exorbitant?

Yes, but then again I have never lost critical data due to
filesystem/partition corruption.

> Is there a way under Linux to read smart information before one's hard disk
> dies?  This should be a free feature for both Windows and Linux systems in
> my opinion, not something you have to pay for.

smartd.

Jason
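
An added example, not part of the original message: since raw sockets are limited to privileged processes, one quick check on a Linux host is to list the raw sockets currently open and who owns them by parsing /proc/net/raw. The function names are hypothetical, the sample table is constructed, and a little-endian host is assumed for address decoding.

```python
import os
import socket

# Constructed sample in the layout of /proc/net/raw (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
    1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18231 2 0000000000000000 0
  255: 0100007F:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 40112 2 0000000000000000 0
"""

# IANA protocol numbers; the raw table shows the protocol where the
# TCP/UDP tables show a port.
PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 255: "raw"}


def hex_to_ipv4(word):
    # Assumption: little-endian host (x86, most ARM), so the bytes are reversed.
    return socket.inet_ntoa(bytes.fromhex(word)[::-1])


def parse_raw_table(text):
    """Return one dict per raw socket listed in /proc/net/raw-style text."""
    entries = []
    for line in text.splitlines()[1:]:      # skip the column header
        f = line.split()
        if len(f) < 10:
            continue                        # ignore truncated lines
        addr, proto = f[1].split(":")
        num = int(proto, 16)
        entries.append({
            "local": hex_to_ipv4(addr),
            "proto": PROTO_NAMES.get(num, str(num)),
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return entries


def non_root_owned(entries):
    # A non-zero uid means the creating process held CAP_NET_RAW without
    # running as uid 0 (for example through file capabilities).
    return [e for e in entries if e["uid"] != 0]


if __name__ == "__main__":
    path = "/proc/net/raw"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for e in parse_raw_table(text):
        flag = "  <-- not root" if e["uid"] != 0 else ""
        print(f'{e["proto"]:>5} {e["local"]:<15} uid={e["uid"]} inode={e["inode"]}{flag}')
```

The inode column can be matched against the `socket:[inode]` links under /proc/<pid>/fd to find the owning process.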