Topic 'GRC.com under attack?' in forum 'Security'

Topic 'GRC.com under attack?' in forum 'Security' - dslreports.com http://www.dslreports.com/forum/GRCcom-under-attack-19753484 en Fri, 10 Feb 2012 06:11:41 EDT Fri, 10 Feb 2012 06:11:41 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19824081 said by SilenceGold:

Freebsd, Linux..etc...have had raw sockets for years before Windows did.

Even I don't think the raw sockets are completely disabled on Windows XP SP2 because the Windows XP built in firewall should use some of it. What about nmap win32? or even wireshark?

FreeBSD or Linux have not even created any destruction of the Internet as Steve feared that Windows would do.
nmap and wireshark use the winpcap libraries.

According to this blog raw sockets are still in XP, they just have certain restrictions:

TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19824081 Thu, 17 Jan 2008 22:27:58 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19819560
Even I don't think the raw sockets are completely disabled on Windows XP SP2 because the Windows XP built in firewall should use some of it. What about nmap win32? or even wireshark?

FreeBSD or Linux have not even created any destruction of the Internet as Steve feared that Windows would do.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19819560 Thu, 17 Jan 2008 11:44:24 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19816226 said by Just Bob:

said by Khaine:

said by Just Bob:

Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.

There's always a trade-off between security and convenience. Thankfully, Microsoft has moved toward the security end of the scale and as one small part of that move has disabled raw sockets. In that context I do hope the benefits outweigh the cost.

However, just as a bot can easily install winpcap, so can you or I. There are systems other than XP (and now Vista) that are available to run nmap and other security tools. I don't see it as a major problem.

It's a moot point. Neither of us has to power to change Microsoft's decision to place a higher value on security and personally I wouldn't want to.

Permit or Deny? ;)
There may be other operating systems where said tools are no longer crippled, but that sort of defeats the purpose of using Windows.

I agree that it is good that Microsoft is taking security more seriously, however disabling raw sockets is just a stunt. It makes windows the only operating system where an admin cannot access raw sockets.

You may see this as increasing security, I see it as a marketing stunt.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19816226 Wed, 16 Jan 2008 20:38:29 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19813646 said by Khaine:

. . Second of all raw sockets were only accessable if you ran with Administrator privileges, which is clearly an alreadhy foolish thing to do. . . .

. . legitimate software tools have become crippled.

Somehow I don't think the benefits outweigh the costs do you?
I can't wait to hear the O.P. in this thread straighten you out on this 'Admin.' business, and explain to you just what it is that 'cripples' software! :D]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19813646 Wed, 16 Jan 2008 14:15:51 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19813559 said by Khaine:

And my point is any bots that are going to perform DDOS's are simply going to covertly install winpcap and continue on there merry way.

Second of all raw sockets were only accessable if you ran with Administrator privileges, which is clearly an alreadhy foolish thing to do.

So all that has happened is spoofing has become marginally harder, and legitimate software tools have become crippled.

Somehow I don't think the benefits outweigh the costs do you?
There's always a trade-off between security and convenience. Thankfully, Microsoft has moved toward the security end of the scale and as one small part of that move has disabled raw sockets. In that context I do hope the benefits outweigh the cost.

However, just as a bot can easily install winpcap, so can you or I. There are systems other than XP (and now Vista) that are available to run nmap and other security tools. I don't see it as a major problem.

It's a moot point. Neither of us has to power to change Microsoft's decision to place a higher value on security and personally I wouldn't want to.

Permit or Deny? ;)
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19813559 Wed, 16 Jan 2008 14:02:16 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19811285 said by Just Bob:

Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.
And my point is any bots that are going to perform DDOS's are simply going to covertly install winpcap and continue on there merry way.

Second of all raw sockets were only accessable if you ran with Administrator privileges, which is clearly an alreadhy foolish thing to do.

So all that has happened is spoofing has become marginally harder, and legitimate software tools have become crippled.

Somehow I don't think the benefits outweigh the costs do you?]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19811285 Wed, 16 Jan 2008 06:47:14 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19810365
The proof of his contention was the MSBlast worm.
»www.news.com/2009-1002_3-5063226.html

Critics made the point that XP was (after SP2) the only major operating system that didn't support raw sockets.

In the spirit of full disclosure, I'm posting this message from Windows 2000 with raw socket capability. However, I'm also running Outpost Pro firewall, which blocks raw sockets by default and I must whitelist any application that I would allow to use raw sockets.

Here's another link that gives both sides of the issue:
»www.zdnet.com.au/news/security/s···6,00.htm

It may be worth noting that not long ago BBR was taken down by a SYN attack with the spoofed source ip of GRC, a 2fur attack that also took down GRC.
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19810365 Tue, 15 Jan 2008 23:54:35 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19810146 said by Just Bob:

said by Khaine:

And he did say that raw sockets would cause the destruction of the Internet as we know it.

I've been staying out of this discussion, but I don't think that accurately describes Steve's position. For myself I'll just stick to the facts. Microsoft disabled raw sockets with the SP2 update to XP.
Ok, to be fair, it is a slight exaggeration. However wikipedia claims that Steve Gibson states:

quote:
That raw sockets in Windows XP could be the "enabling factor for the creation of a series of 'Ultimate Weapons' against which the fundamentally trusting architecture of the global Internet currently has no effective defense".

Clearly his criticism of raw sockets are unfounded. No such doomsday tools have been created. Instead it has crippled certain applications, and hasn't even removed the risk of packet spoofing, as winpcap provides the same functionality.

That being said, his work, although full of hype, has made computer security something joe blow can understand and appreciate and for that he should be applauded. ]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19810146 Tue, 15 Jan 2008 23:18:55 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19806203 but the fact remains that he has done a lot within the
security community to raise awareness among users, especially
new ones.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19806203 Tue, 15 Jan 2008 14:10:52 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803951 said by Khaine:

And he did say that raw sockets would cause the destruction of the Internet as we know it.
I've been staying out of this discussion, but I don't think that accurately describes Steve's position. For myself I'll just stick to the facts. Microsoft disabled raw sockets with the SP2 update to XP.
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803951 Tue, 15 Jan 2008 07:54:46 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803201 said by Steve:

This is a different and completely unrelated kind of cookie: the pointed-to page talks about web cookies, but the discussion here is about a low-level TCP/IP concept of "syn cookies". . . .Guess that's what I get for not paying close enough attention.

In that case, make mine peanut butter! :)]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803201 Tue, 15 Jan 2008 00:45:30 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803158 said by AB:

There's some talk about 'cookie invention' in this thread, if you're interested: This is a different and completely unrelated kind of cookie: the pointed-to page talks about web cookies, but the discussion here is about a low-level TCP/IP concept of "syn cookies".

My understanding is that though Steve may well have invented the concept independently, it was already a solved problem, and his way was considerably broken (it ignored MSS, for instance).

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803158 Tue, 15 Jan 2008 00:35:08 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803088 said by Khaine:

said by qrkx:

said by TalkRadio:

I thought this guy was all about privacy and didn't even like the ideas of cookies?

He invented SYN cookies. And stealth too.

But that is only if I remember correctly...

According to wikipedia SYN Cookies was created by Daniel J. Bernstein and Eric Schenk in September of 1996, although Steve claims to have "independently invented" SYN cookies.There's some talk about 'cookie invention' in this thread, if you're interested:

»Microsoft patents tracking cookies

. . He did invent the term stealth, and over-hype how much stealth was better then closed.

And he did say that raw sockets would cause the destruction of the Internet as we know it. . . .

Nostradamus didn't get 'em all right, either. ;) :D]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19803088 Tue, 15 Jan 2008 00:23:15 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19801868 said by qrkx:

said by TalkRadio:

I thought this guy was all about privacy and didn't even like the ideas of cookies?

He invented SYN cookies. And stealth too.

But that is only if I remember correctly...

As for the massive DDos SYN flood I hope all bots participating - yes both of them - will cease fire!

rgds
According to wikipedia SYN Cookies was created by Daniel J. Bernstein and Eric Schenk in September of 1996, although Steve claims to have "independently invented" SYN cookies.

He did invent the term stealth, and over-hype how much stealth was better then closed.

And he did say that raw sockets would cause the destruction of the Internet as we know it.

That being said, he has helped so many people take computer security seriously.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19801868 Mon, 14 Jan 2008 21:00:36 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19792362 said by agaprazr:

My experience was very similar to that of owlbet. It seems to me that Steve Gibson has always had the common users back when it comes to PC security. I visit his site often, and I love his no nonsense plain english approach of explaining how things work. You've expressed my views as well. Bravo Steve Gibson for helping less experienced users learn about computer security.
--
Life is like stepping onto a boat which is about to sail out to sea and sink. - Suzuki Roshi
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19792362 Sun, 13 Jan 2008 13:37:51 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765793 said by agaprazr:

I visit his site often, and I love his no nonsense plain english approach of explaining how things work.
His plain English approach is probably due to the fact that English is not his first language...it's Assembly. :D ]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765793 Wed, 09 Jan 2008 01:34:20 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765758 --
...and the greatest of these is love. 1Cor.13:13]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765758 Wed, 09 Jan 2008 01:17:09 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765697 said by KrK:

Well you know what I mean.All I can go on is what you actually say.

I say thumbs up to Steve Gibson.

As do I. He's done more to secure the internet than any other one person I can think of.

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19765697 Wed, 09 Jan 2008 00:58:01 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19764844 said by Steve:

Oh yah?Well you know what I mean. At the stores they just try and get people to buy lots of security programs they don't know how to use.

And yes, the forums here are great *but* honestly how many Joe Sixpacks come here? Some, maybe even a lot--- but there are so many more out there :)

I say thumbs up to Steve Gibson.
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!)]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19764844 Tue, 08 Jan 2008 21:51:44 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19764381 Raw sockets must be removed from Windows Vista.
--
Cufk, Tish, Sips]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19764381 Tue, 08 Jan 2008 20:48:13 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760985
In the quest to teach others about net security we are all on the same team. Or so I'd like to think.
--
Choose heaven for climate, hell for society.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760985 Tue, 08 Jan 2008 11:55:03 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760307 said by KrK:

Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.Oh yah?]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760307 Tue, 08 Jan 2008 10:03:05 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760293 said by KrK:

Steve Gibson bashing seems to be all the rage.

Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.

Personally, I applaud his efforts.
bump]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760293 Tue, 08 Jan 2008 10:00:10 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760201 said by Lanik:

Yes in LA Area, Tustin I think. Level3 has a fine colo facility just off the 5 Freeway and Tustin Ranch Road]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760201 Tue, 08 Jan 2008 09:43:05 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760182 I found the Shieldsup! grc.com pages some time after I got an internet connection - dialup, windows 95 - ca 1998.

Did the port un-binding thing per Steve's writings, got to learn how to use a news-reader expressly in order to join his grc.news server... and since then have never ceased to learn from, and occasionally try to contribute to, the exceptional community that hangs out there under Steve Gibson's benevolent supervision. ]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760182 Tue, 08 Jan 2008 09:37:41 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760176 http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760176 Tue, 08 Jan 2008 09:37:13 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760056
And Mele20, you also described my early experiences to a "T" with Win 98 and grc.com... :)]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19760056 Tue, 08 Jan 2008 09:15:40 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759601 said by Owlbet:

In 2001, I wanted to "hide" my computer from the internet and I knew nothing of firewalls. I can't exactly remember how I stumbled upon Steve Gibson's site. I spent a few hours there clicking links and running the Shields Up test. I was mortified that I was running wide open on the internet. That lead to following Steve's Network Bondage tutorial of binding and unbinding protocols and in a way this clueless user at the time could understand. I'll never forget my glee when I ran his Shields Up test and all my ports were closed.
Ahh...the binding protocols! FOND memories of those for 98SE. It nearly broke my heart to have to undo all that when I finally was able, with a computer with XP Pro SP2 (couldn't do it on my older XP Pro SP1 computer), to network my old 98SE computer. It really hurt to have to make that computer so vulnerable if it wasn't behind a router just so I could network it.

In fact, after I unbound everything that I had so carefully bound following Steve's instructions years ago, I forgot about it and my broadband went down one day. I had RR dialup on the 98SE computer, but hadn't yet put it on the XP Pro SP2 computer. So, I went to the 98SE box and proceeded to get on the internet via RR backup dialup. Imagine my utter surprise when, in about five minutes, NOD32 caught OpaServ! I had completely forgotten that I had made that computer vulnerable when not behind a router as I had no software firewall on it. I was lucky I had an AV on it. I uninstalled the dialup software and now use dialup only on XP that has Windows firewall running all the time in case of broadband outages and I go on dialup.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759601 Tue, 08 Jan 2008 06:00:39 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759504 said by Mele20:

Steve Gibson singlehandedly got me interested in computer security not long after I got my first computer in 1999. Every time I would try to read security sites, my eyes would glaze over and I would get very sleepy. Then I found GRC.com and wow! Here was someone explaining computer security for a newbie in a way that was interesting and easy for me, the newbie, to understand. I was able to completely secure my 98SE computer long before I found this forum and I had that computer tied down extremely tight and the credit goes to Steve. I'm at this forum, all these years now with my interest in computer security still going strong, because of Steve Gibson and the fact that he doesn't care if the "security snobs" ridicule his dramatic approach to security issues. That very approach engages the newbie and he understands that. Steve Gibson's site has an important role to play especially with newbies.In 2001, I wanted to "hide" my computer from the internet and I knew nothing of firewalls. I can't exactly remember how I stumbled upon Steve Gibson's site. I spent a few hours there clicking links and running the Shields Up test. I was mortified that I was running wide open on the internet. That lead to following Steve's Network Bondage tutorial of binding and unbinding protocols and in a way this clueless user at the time could understand. I'll never forget my glee when I ran his Shields Up test and all my ports were closed.
--
Team Discovery
Alaska Aces 2007-2008 record as of this post: 18-11-3]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759504 Tue, 08 Jan 2008 04:19:12 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759468
Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.

Personally, I applaud his efforts.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759468 Tue, 08 Jan 2008 03:44:14 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759331 http://www.dslreports.com/forum/Re-GRCcom-under-attack-19759331 Tue, 08 Jan 2008 02:14:28 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19758792 said by Mele20:

Steve Gibson singlehandedly got me interested in computer security not long after I got my first computer in 1999. Every time I would try to read security sites, my eyes would glaze over and I would get very sleepy. Then I found GRC.com and wow! Here was someone explaining computer security for a newbie in a way that was interesting and easy for me, the newbie, to understand. I was able to completely secure my 98SE computer long before I found this forum and I had that computer tied down extremely tight and the credit goes to Steve. I'm at this forum, all these years now with my interest in computer security still going strong, because of Steve Gibson and the fact that he doesn't care if the "security snobs" ridicule his dramatic approach to security issues. That very approach engages the newbie and he understands that. Steve Gibson's site has an important role to play especially with newbies.Mele20 ... you described my experience with GRC.com better than I could have done. Well said and thank you.
--
Very funny, Scotty. Now beam down my clothes.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19758792 Mon, 07 Jan 2008 23:23:25 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757977 http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757977 Mon, 07 Jan 2008 21:14:19 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757922
Anyhow, he likes to use a lot of large font on words, colors and other nice little tricks to suck the reader into his propaganda.

I'm not saying he lies about anything, he just uses a really nasty method of getting, and keeping, his userbase.
--
~~Desu]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757922 Mon, 07 Jan 2008 21:06:46 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757889 said by lucky644:

I'm not sure I understand, is his site being down a bad thing?
some folks in the sec./computer community
love it when someone like Steve fails or has
been wronged...not sure why...but I think
it has to do with beliefs and opins
like all of us we have them...so does Steve]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757889 Mon, 07 Jan 2008 21:03:09 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757866 bad thing?
--
~~Desu]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757866 Mon, 07 Jan 2008 20:58:58 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757751
Steve Gibson singlehandedly got me interested in computer security not long after I got my first computer in 1999. Every time I would try to read security sites, my eyes would glaze over and I would get very sleepy. Then I found GRC.com and wow! Here was someone explaining computer security for a newbie in a way that was interesting and easy for me, the newbie, to understand. I was able to completely secure my 98SE computer long before I found this forum and I had that computer tied down extremely tight and the credit goes to Steve. I'm at this forum, all these years now with my interest in computer security still going strong, because of Steve Gibson and the fact that he doesn't care if the "security snobs" ridicule his dramatic approach to security issues. That very approach engages the newbie and he understands that. Steve Gibson's site has an important role to play especially with newbies.

As for your saying he never updates the site, that is not true and much of the older parts of the site don't need updating. This is new. The members of GRC Newsgroups have been helping with this since early last fall.

»www.grc.com/passwords.htm
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757751 Mon, 07 Jan 2008 20:42:42 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757455
They haven't updated the site in a long time.

Dslreports surpasses grc in every way.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757455 Mon, 07 Jan 2008 19:59:50 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757438
»Re: GRC.com under attack?]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757438 Mon, 07 Jan 2008 19:56:20 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757422 said by hayc59:

said by Siko:

said by Pentangle:

Loaded no problem.
»www.grc.com/intro.htm

I second that.

3rd it all up and going
4th that
--
Send Spam Here: my.spamming.box@gmail.com
50686 Messages]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757422 Mon, 07 Jan 2008 19:52:57 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757355 said by Siko:

said by Pentangle:

Loaded no problem.
»www.grc.com/intro.htm

I second that.
3rd it all up and going]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757355 Mon, 07 Jan 2008 19:42:34 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757318 said by Pentangle:

Loaded no problem.
»www.grc.com/intro.htm
I second that.]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757318 Mon, 07 Jan 2008 19:35:43 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757312 »www.grc.com/intro.htm]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757312 Mon, 07 Jan 2008 19:34:35 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757263 said by Lanik:

Thanks my DNS seems to be fine but I can't pull up the site via its IP or the host name. I'll try again when I get to work.
Steve had to change the IP and now the problem is DNS propagation. My Ping Plotter is still pinging the old IP that Steve had L3 NOC null route yet I can get to his site just fine and it loads fast. Evidently, because it is on L3, which my ISP uses almost exclusively now (especially out of Orange RR in Southern Cal), DNS propagation for me was very fast, (whereas, it usually takes 24-48 hours with Road Runner).

Try this alias IP: 4.79.142.193

He says this was definitely a bot attack agains GRC.com:

"Our 100 mbit drop from Level3 was totally saturated so any
and all GRC services were nearly inaccessible. I was logging the
theoretical maximum minimum-size packet rate for a 100 mbit
Ethernet link -- 140,000 packets per second."

"I just think it was largely random. Bot fleets are so common
nowadays that very little provocation is required to become a
target. The Level3 engineer's response was quite telling ...
it sounded as if this sort of thing was what largely occupied
his time now.

When I said that I'd leave the IP 'dead' for a week or so, then
contact them he said "We typically wait 24 to 48 hours then
check back to see whether the attack has stopped." So he's
going to give me a ring on Wednesday.

(I imagine that mostly they dislike leaving null routes in their
core and aggregation routers.)"
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19757263 Mon, 07 Jan 2008 19:29:23 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756662 quote:

I'll try again when I get to work.

Your not missing anything Lanik. :D]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756662 Mon, 07 Jan 2008 17:42:04 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756562 said by Anonymous_:

...must be located in Los Angeles..
Yes in LA Area, Tustin I think.

3 7 ms 7 ms 7 ms SJC1.CR1.Gig6-0-20.dslextreme.com [66.218.44.57]
4 8 ms 8 ms 8 ms ge-8-0-142.ipcolo2.SanJose1.Level3.net [63.215.203.65]
5 12 ms 17 ms 18 ms vlan51.csw1.SanJose1.Level3.net [4.68.123.30]
6 8 ms 14 ms 17 ms ae-63-63.ebr3.SanJose1.Level3.net [4.69.134.225]
7 22 ms 18 ms 18 ms ae-2.ebr3.LosAngeles1.Level3.net [4.69.132.10]
8 16 ms 16 ms 17 ms ae-78.ebr2.LosAngeles1.Level3.net [4.69.135.13]
9 18 ms 18 ms 18 ms ae-2-54.bbr2.LosAngeles1.Level3.net [4.68.102.97]
10 19 ms 18 ms 18 ms so-2-0-0.mp1.Tustin1.Level3.net [209.247.8.114]
11 19 ms 17 ms 19 ms so-9-0.hsa1.Tustin1.Level3.net [4.68.114.6]
12 20 ms 17 ms 20 ms grc.com [4.79.142.200]
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756562 Mon, 07 Jan 2008 17:24:24 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756535 http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756535 Mon, 07 Jan 2008 17:19:48 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756531 --
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756531 Mon, 07 Jan 2008 17:18:59 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756525 i get very low pings to the site 33ms

(must be located in Los Angeles)]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756525 Mon, 07 Jan 2008 17:16:59 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756522 said by TalkRadio:

I am able to reach it with no problem as of 5:00PM EST. It sets two cookies (www.grc[1].txt & www.grctech[1].txt) too. I don't recall this site has setting or using cookies either. They both expire on 12/31/2045. I thought this guy was all about privacy and didn't even like the ideas of cookies?
»www.grc.com/privacy.htm
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/Re-GRCcom-under-attack-19756522 Mon, 07 Jan 2008 17:16:45 EDT