GRC.com under attack? in Security

GRC.com under attack? in Security http://www.dslreports.com/forum/r19753484 en Wed, 10 Feb 2010 08:47:15 EDT Wed, 10 Feb 2010 08:47:15 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19824081 Khaine :

said by SilenceGold

:

Freebsd, Linux..etc...have had raw sockets for years before Windows did.

Even I don't think the raw sockets are completely disabled on Windows XP SP2 because the Windows XP built in firewall should use some of it. What about nmap win32? or even wireshark?

FreeBSD or Linux have not even created any destruction of the Internet as Steve feared that Windows would do.

nmap and wireshark use the winpcap libraries.

According to this blog raw sockets are still in XP, they just have certain restrictions:

]]> http://www.dslreports.com/forum/remark,19824081 Thu, 17 Jan 2008 22:27:58 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19819560 SilenceGold : Freebsd, Linux..etc...have had raw sockets for years before Windows did.

Even I don't think the raw sockets are completely disabled on Windows XP SP2 because the Windows XP built in firewall should use some of it. What about nmap win32? or even wireshark?

FreeBSD or Linux have not even created any destruction of the Internet as Steve feared that Windows would do.]]> http://www.dslreports.com/forum/remark,19819560 Thu, 17 Jan 2008 11:44:24 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19816226 Khaine :

said by Just Bob

said by Khaine

said by Just Bob

:

Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.

There's always a trade-off between security and convenience. Thankfully, Microsoft has moved toward the security end of the scale and as one small part of that move has disabled raw sockets. In that context I do hope the benefits outweigh the cost.

However, just as a bot can easily install winpcap, so can you or I. There are systems other than XP (and now Vista) that are available to run nmap and other security tools. I don't see it as a major problem.

It's a moot point. Neither of us has to power to change Microsoft's decision to place a higher value on security and personally I wouldn't want to.

Permit or Deny? ;)

There may be other operating systems where said tools are no longer crippled, but that sort of defeats the purpose of using Windows.

I agree that it is good that Microsoft is taking security more seriously, however disabling raw sockets is just a stunt. It makes windows the only operating system where an admin cannot access raw sockets.

You may see this as increasing security, I see it as a marketing stunt.]]> http://www.dslreports.com/forum/remark,19816226 Wed, 16 Jan 2008 20:38:29 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19813646 AB :

said by Khaine

:

. . Second of all raw sockets were only accessable if you ran with Administrator privileges, which is clearly an alreadhy foolish thing to do. . . .

. . legitimate software tools have become crippled.

Somehow I don't think the benefits outweigh the costs do you?

I can't wait to hear the O.P. in this thread straighten you out on this 'Admin.' business, and explain to you just what it is that 'cripples' software! :D]]> http://www.dslreports.com/forum/remark,19813646 Wed, 16 Jan 2008 14:15:51 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19813559 Just Bob :

said by Khaine

said by Just Bob

:

Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.

said by Just Bob

:

Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.

And my point is any bots that are going to perform DDOS's are simply going to covertly install winpcap and continue on there merry way.

Second of all raw sockets were only accessable if you ran with Administrator privileges, which is clearly an alreadhy foolish thing to do.

So all that has happened is spoofing has become marginally harder, and legitimate software tools have become crippled.

Somehow I don't think the benefits outweigh the costs do you?]]> http://www.dslreports.com/forum/remark,19811285 Wed, 16 Jan 2008 06:47:14 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19810365 Just Bob : Steve's point was that a mass market operating system with raw sockets available, where most of the systems are left in the default configuration and were easily compromised, was unwise.

The proof of his contention was the MSBlast worm.
»www.news.com/2009-1002_3-5063226.html

Critics made the point that XP was (after SP2) the only major operating system that didn't support raw sockets.

In the spirit of full disclosure, I'm posting this message from Windows 2000 with raw socket capability. However, I'm also running Outpost Pro firewall, which blocks raw sockets by default and I must whitelist any application that I would allow to use raw sockets.

Here's another link that gives both sides of the issue:
»www.zdnet.com.au/news/security/s···6,00.htm

It may be worth noting that not long ago BBR was taken down by a SYN attack with the spoofed source ip of GRC, a 2fur attack that also took down GRC.
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/remark,19810365 Tue, 15 Jan 2008 23:54:35 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19810146 Khaine :

said by Just Bob

said by Khaine

:

And he did say that raw sockets would cause the destruction of the Internet as we know it.

Ok, to be fair, it is a slight exaggeration. However wikipedia claims that Steve Gibson states:

quote:
That raw sockets in Windows XP could be the "enabling factor for the creation of a series of 'Ultimate Weapons' against which the fundamentally trusting architecture of the global Internet currently has no effective defense".

Clearly his criticism of raw sockets are unfounded. No such doomsday tools have been created. Instead it has crippled certain applications, and hasn't even removed the risk of packet spoofing, as winpcap provides the same functionality.

That being said, his work, although full of hype, has made computer security something joe blow can understand and appreciate and for that he should be applauded. ]]> http://www.dslreports.com/forum/remark,19810146 Tue, 15 Jan 2008 23:18:55 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19806203 Doctor Four : Gibson may seem like he is pompous and over the top to some,
but the fact remains that he has done a lot within the
security community to raise awareness among users, especially
new ones.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,19806203 Tue, 15 Jan 2008 14:10:52 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19803951 Just Bob :

said by Khaine

:

And he did say that raw sockets would cause the destruction of the Internet as we know it.

I've been staying out of this discussion, but I don't think that accurately describes Steve's position. For myself I'll just stick to the facts. Microsoft disabled raw sockets with the SP2 update to XP.
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/remark,19803951 Tue, 15 Jan 2008 07:54:46 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19803201 AB :

said by Steve

:

This is a different and completely unrelated kind of cookie: the pointed-to page talks about web cookies, but the discussion here is about a low-level TCP/IP concept of "syn cookies". . . .

Guess that's what I get for not paying close enough attention.

In that case, make mine peanut butter! :)]]> http://www.dslreports.com/forum/remark,19803201 Tue, 15 Jan 2008 00:45:30 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19803158 Steve :

said by AB

:

There's some talk about 'cookie invention' in this thread, if you're interested:

This is a different and completely unrelated kind of cookie: the pointed-to page talks about web cookies, but the discussion here is about a low-level TCP/IP concept of "syn cookies".

My understanding is that though Steve may well have invented the concept independently, it was already a solved problem, and his way was considerably broken (it ignored MSS, for instance).

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/remark,19803158 Tue, 15 Jan 2008 00:35:08 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19803088 AB :

said by Khaine

said by qrkx

said by TalkRadio

:

I thought this guy was all about privacy and didn't even like the ideas of cookies?

He invented SYN cookies. And stealth too.

But that is only if I remember correctly...

According to wikipedia SYN Cookies was created by Daniel J. Bernstein and Eric Schenk in September of 1996, although Steve claims to have "independently invented" SYN cookies.

There's some talk about 'cookie invention' in this thread, if you're interested:

»Microsoft patents tracking cookies

. . He did invent the term stealth, and over-hype how much stealth was better then closed.

And he did say that raw sockets would cause the destruction of the Internet as we know it. . . .

Nostradamus didn't get 'em all right, either. ;) :D]]> http://www.dslreports.com/forum/remark,19803088 Tue, 15 Jan 2008 00:23:15 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19801868 Khaine :

said by qrkx

said by TalkRadio

:

I thought this guy was all about privacy and didn't even like the ideas of cookies?

He invented SYN cookies. And stealth too.

But that is only if I remember correctly...

As for the massive DDos SYN flood I hope all bots participating - yes both of them - will cease fire!

rgds

According to wikipedia SYN Cookies was created by Daniel J. Bernstein and Eric Schenk in September of 1996, although Steve claims to have "independently invented" SYN cookies.

He did invent the term stealth, and over-hype how much stealth was better then closed.

And he did say that raw sockets would cause the destruction of the Internet as we know it.

That being said, he has helped so many people take computer security seriously.]]> http://www.dslreports.com/forum/remark,19801868 Mon, 14 Jan 2008 21:00:36 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19792362 Pentangle :

said by agaprazr

:

My experience was very similar to that of owlbet. It seems to me that Steve Gibson has always had the common users back when it comes to PC security. I visit his site often, and I love his no nonsense plain english approach of explaining how things work.

You've expressed my views as well. Bravo Steve Gibson for helping less experienced users learn about computer security.
--
Life is like stepping onto a boat which is about to sail out to sea and sink. - Suzuki Roshi
]]> http://www.dslreports.com/forum/remark,19792362 Sun, 13 Jan 2008 13:37:51 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19765793 jmn1207 :

said by agaprazr

:

I visit his site often, and I love his no nonsense plain english approach of explaining how things work.

His plain English approach is probably due to the fact that English is not his first language...it's Assembly. :D ]]> http://www.dslreports.com/forum/remark,19765793 Wed, 09 Jan 2008 01:34:20 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19765758 agaprazr : My experience was very similar to that of owlbet. It seems to me that Steve Gibson has always had the common users back when it comes to PC security. I visit his site often, and I love his no nonsense plain english approach of explaining how things work.
--
...and the greatest of these is love. 1Cor.13:13]]> http://www.dslreports.com/forum/remark,19765758 Wed, 09 Jan 2008 01:17:09 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19765697 Steve :

said by KrK

:

Well you know what I mean.

All I can go on is what you actually say.

I say thumbs up to Steve Gibson.

As do I. He's done more to secure the internet than any other one person I can think of.

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/remark,19765697 Wed, 09 Jan 2008 00:58:01 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19764844 KrK :

said by Steve

:

Oh yah?

Well you know what I mean. At the stores they just try and get people to buy lots of security programs they don't know how to use.

And yes, the forums here are great *but* honestly how many Joe Sixpacks come here? Some, maybe even a lot--- but there are so many more out there :)

I say thumbs up to Steve Gibson.
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!)]]> http://www.dslreports.com/forum/remark,19764844 Tue, 08 Jan 2008 21:51:44 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19764381 toadlife : I guess that settles it then. Raw sockets must be removed from Windows Vista.
--
Cufk, Tish, Sips]]> http://www.dslreports.com/forum/remark,19764381 Tue, 08 Jan 2008 20:48:13 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760985 kim : Sometimes it can be easy to forget that we all have the same goal, security. Steve Gibson is one of many, BBR included that work to achieve that goal. His methods may not be like others but is no less valuable for it.

In the quest to teach others about net security we are all on the same team. Or so I'd like to think.
--
Choose heaven for climate, hell for society.]]> http://www.dslreports.com/forum/remark,19760985 Tue, 08 Jan 2008 11:55:03 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760307 Steve :

said by KrK

:

Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.

Oh yah?]]> http://www.dslreports.com/forum/remark,19760307 Tue, 08 Jan 2008 10:03:05 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760293 jig :

said by KrK

:

Steve Gibson bashing seems to be all the rage.

Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.

Personally, I applaud his efforts.

bump]]> http://www.dslreports.com/forum/remark,19760293 Tue, 08 Jan 2008 10:00:10 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760201 Steve :

said by Lanik

:

Yes in LA Area, Tustin I think.

Level3 has a fine colo facility just off the 5 Freeway and Tustin Ranch Road]]> http://www.dslreports.com/forum/remark,19760201 Tue, 08 Jan 2008 09:43:05 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760182 anon : My experience is not much different from that of many others.
I found the Shieldsup! grc.com pages some time after I got an internet connection - dialup, windows 95 - ca 1998.

Did the port un-binding thing per Steve's writings, got to learn how to use a news-reader expressly in order to join his grc.news server... and since then have never ceased to learn from, and occasionally try to contribute to, the exceptional community that hangs out there under Steve Gibson's benevolent supervision. ]]> http://www.dslreports.com/forum/remark,19760182 Tue, 08 Jan 2008 09:37:41 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760176 tradnav : Count me in as a member of the pro Steve Gibson lobby. Several years ago grc.com was a very important place for this struggling newbie. I don't haunt it now like I do DSLR but still visit occasionally and take advantage of ShieldsUp and PerfectPasswords.]]> http://www.dslreports.com/forum/remark,19760176 Tue, 08 Jan 2008 09:37:13 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19760056 HA Nut : I agree with many here that Steve Gibson was one of the pioneers of PC security for the rest of us. I learned a lot from him and still have great respect for his thoughts and opinions. The very reason I knew grc.com was down is because I still use it for a couple of things (ShieldsUp and Perfect Passwords.)

And Mele20, you also described my early experiences to a "T" with Win 98 and grc.com... :)]]> http://www.dslreports.com/forum/remark,19760056 Tue, 08 Jan 2008 09:15:40 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19759601 Mele20 :

said by Owlbet

:

In 2001, I wanted to "hide" my computer from the internet and I knew nothing of firewalls. I can't exactly remember how I stumbled upon Steve Gibson's site. I spent a few hours there clicking links and running the Shields Up test. I was mortified that I was running wide open on the internet. That lead to following Steve's Network Bondage tutorial of binding and unbinding protocols and in a way this clueless user at the time could understand. I'll never forget my glee when I ran his Shields Up test and all my ports were closed.

Ahh...the binding protocols! FOND memories of those for 98SE. It nearly broke my heart to have to undo all that when I finally was able, with a computer with XP Pro SP2 (couldn't do it on my older XP Pro SP1 computer), to network my old 98SE computer. It really hurt to have to make that computer so vulnerable if it wasn't behind a router just so I could network it.

In fact, after I unbound everything that I had so carefully bound following Steve's instructions years ago, I forgot about it and my broadband went down one day. I had RR dialup on the 98SE computer, but hadn't yet put it on the XP Pro SP2 computer. So, I went to the 98SE box and proceeded to get on the internet via RR backup dialup. Imagine my utter surprise when, in about five minutes, NOD32 caught OpaServ! I had completely forgotten that I had made that computer vulnerable when not behind a router as I had no software firewall on it. I was lucky I had an AV on it. I uninstalled the dialup software and now use dialup only on XP that has Windows firewall running all the time in case of broadband outages and I go on dialup.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,19759601 Tue, 08 Jan 2008 06:00:39 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19759504 Owlbet :

said by Mele20

:

Steve Gibson singlehandedly got me interested in computer security not long after I got my first computer in 1999. Every time I would try to read security sites, my eyes would glaze over and I would get very sleepy. Then I found GRC.com and wow! Here was someone explaining computer security for a newbie in a way that was interesting and easy for me, the newbie, to understand. I was able to completely secure my 98SE computer long before I found this forum and I had that computer tied down extremely tight and the credit goes to Steve. I'm at this forum, all these years now with my interest in computer security still going strong, because of Steve Gibson and the fact that he doesn't care if the "security snobs" ridicule his dramatic approach to security issues. That very approach engages the newbie and he understands that. Steve Gibson's site has an important role to play especially with newbies.

In 2001, I wanted to "hide" my computer from the internet and I knew nothing of firewalls. I can't exactly remember how I stumbled upon Steve Gibson's site. I spent a few hours there clicking links and running the Shields Up test. I was mortified that I was running wide open on the internet. That lead to following Steve's Network Bondage tutorial of binding and unbinding protocols and in a way this clueless user at the time could understand. I'll never forget my glee when I ran his Shields Up test and all my ports were closed.
--
Team Discovery
Alaska Aces 2007-2008 record as of this post: 18-11-3]]> http://www.dslreports.com/forum/remark,19759504 Tue, 08 Jan 2008 04:19:12 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19759468 KrK : Steve Gibson bashing seems to be all the rage.

Notice however you don't see a lot of other people rushing to help noobs or Joe Sixpacks secure their PC's.

Personally, I applaud his efforts.]]> http://www.dslreports.com/forum/remark,19759468 Tue, 08 Jan 2008 03:44:14 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19759331 Old Computer : I agree. He helped me to use Software Firewall long before I use a router. I start to use Firewall in 1997 with AtGuard and GRC' site was very helpful:)]]> http://www.dslreports.com/forum/remark,19759331 Tue, 08 Jan 2008 02:14:28 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19758792 Traxless :

said by Mele20

Mele20 ... you described my experience with GRC.com better than I could have done. Well said and thank you.
--
Very funny, Scotty. Now beam down my clothes.]]> http://www.dslreports.com/forum/remark,19758792 Mon, 07 Jan 2008 23:23:25 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757977 hayc59 : Lucky..another fine opin ;)]]> http://www.dslreports.com/forum/remark,19757977 Mon, 07 Jan 2008 21:14:19 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757922 lucky644 : I don't care if he fails, but i do care that he uses tactics on people that you'd generally only see in politics or 'tabloid' newsprint (i think its called tabloid...)

Anyhow, he likes to use a lot of large font on words, colors and other nice little tricks to suck the reader into his propaganda.

I'm not saying he lies about anything, he just uses a really nasty method of getting, and keeping, his userbase.
--
~~Desu]]> http://www.dslreports.com/forum/remark,19757922 Mon, 07 Jan 2008 21:06:46 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757889 hayc59 :

said by lucky644

:

I'm not sure I understand, is his site being down a bad thing?

some folks in the sec./computer community
love it when someone like Steve fails or has
been wronged...not sure why...but I think
it has to do with beliefs and opins
like all of us we have them...so does Steve]]> http://www.dslreports.com/forum/remark,19757889 Mon, 07 Jan 2008 21:03:09 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757866 lucky644 : I'm not sure I understand, is his site being down a bad thing?
--
~~Desu]]> http://www.dslreports.com/forum/remark,19757866 Mon, 07 Jan 2008 20:58:58 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757751 Mele20 : You can't compare the two sites. They are totally different.

Steve Gibson singlehandedly got me interested in computer security not long after I got my first computer in 1999. Every time I would try to read security sites, my eyes would glaze over and I would get very sleepy. Then I found GRC.com and wow! Here was someone explaining computer security for a newbie in a way that was interesting and easy for me, the newbie, to understand. I was able to completely secure my 98SE computer long before I found this forum and I had that computer tied down extremely tight and the credit goes to Steve. I'm at this forum, all these years now with my interest in computer security still going strong, because of Steve Gibson and the fact that he doesn't care if the "security snobs" ridicule his dramatic approach to security issues. That very approach engages the newbie and he understands that. Steve Gibson's site has an important role to play especially with newbies.

As for your saying he never updates the site, that is not true and much of the older parts of the site don't need updating. This is new. The members of GRC Newsgroups have been helping with this since early last fall.

»https://www.grc.com/passwords.htm
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,19757751 Mon, 07 Jan 2008 20:42:42 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757455 anon : GRC is a poser site

They haven't updated the site in a long time.

Dslreports surpasses grc in every way.]]> http://www.dslreports.com/forum/remark,19757455 Mon, 07 Jan 2008 19:59:50 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757438 Grail Knight : Working fine,

»Re: GRC.com under attack?]]> http://www.dslreports.com/forum/remark,19757438 Mon, 07 Jan 2008 19:56:20 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757422 Anonymous_ :

said by hayc59

said by Siko

said by Pentangle

:

Loaded no problem.
»www.grc.com/intro.htm

I second that.

3rd it all up and going

4th that
--
Send Spam Here: my.spamming.box@gmail.com
50686 Messages]]> http://www.dslreports.com/forum/remark,19757422 Mon, 07 Jan 2008 19:52:57 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757355 hayc59 :

said by Siko

said by Pentangle

:

Loaded no problem.
»www.grc.com/intro.htm

I second that.

3rd it all up and going]]> http://www.dslreports.com/forum/remark,19757355 Mon, 07 Jan 2008 19:42:34 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757318 Siko :

said by Pentangle

:

Loaded no problem.
»www.grc.com/intro.htm

I second that.]]> http://www.dslreports.com/forum/remark,19757318 Mon, 07 Jan 2008 19:35:43 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757312 Pentangle : Loaded no problem.
»www.grc.com/intro.htm]]> http://www.dslreports.com/forum/remark,19757312 Mon, 07 Jan 2008 19:34:35 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19757263 Mele20 :

said by Lanik

:

Thanks my DNS seems to be fine but I can't pull up the site via its IP or the host name. I'll try again when I get to work.

Steve had to change the IP and now the problem is DNS propagation. My Ping Plotter is still pinging the old IP that Steve had L3 NOC null route yet I can get to his site just fine and it loads fast. Evidently, because it is on L3, which my ISP uses almost exclusively now (especially out of Orange RR in Southern Cal), DNS propagation for me was very fast, (whereas, it usually takes 24-48 hours with Road Runner).

Try this alias IP: 4.79.142.193

He says this was definitely a bot attack agains GRC.com:

"Our 100 mbit drop from Level3 was totally saturated so any
and all GRC services were nearly inaccessible. I was logging the
theoretical maximum minimum-size packet rate for a 100 mbit
Ethernet link -- 140,000 packets per second."

"I just think it was largely random. Bot fleets are so common
nowadays that very little provocation is required to become a
target. The Level3 engineer's response was quite telling ...
it sounded as if this sort of thing was what largely occupied
his time now.

When I said that I'd leave the IP 'dead' for a week or so, then
contact them he said "We typically wait 24 to 48 hours then
check back to see whether the attack has stopped." So he's
going to give me a ring on Wednesday.

(I imagine that mostly they dislike leaving null routes in their
core and aggregation routers.)"
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,19757263 Mon, 07 Jan 2008 19:29:23 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756662 Grail Knight :

quote:
I'll try again when I get to work.

Your not missing anything Lanik. :D]]> http://www.dslreports.com/forum/remark,19756662 Mon, 07 Jan 2008 17:42:04 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756562 Lanik :

said by Anonymous_

:

...must be located in Los Angeles..

Yes in LA Area, Tustin I think.

3 7 ms 7 ms 7 ms SJC1.CR1.Gig6-0-20.dslextreme.com [66.218.44.57]
4 8 ms 8 ms 8 ms ge-8-0-142.ipcolo2.SanJose1.Level3.net [63.215.203.65]
5 12 ms 17 ms 18 ms vlan51.csw1.SanJose1.Level3.net [4.68.123.30]
6 8 ms 14 ms 17 ms ae-63-63.ebr3.SanJose1.Level3.net [4.69.134.225]
7 22 ms 18 ms 18 ms ae-2.ebr3.LosAngeles1.Level3.net [4.69.132.10]
8 16 ms 16 ms 17 ms ae-78.ebr2.LosAngeles1.Level3.net [4.69.135.13]
9 18 ms 18 ms 18 ms ae-2-54.bbr2.LosAngeles1.Level3.net [4.68.102.97]
10 19 ms 18 ms 18 ms so-2-0-0.mp1.Tustin1.Level3.net [209.247.8.114]
11 19 ms 17 ms 19 ms so-9-0.hsa1.Tustin1.Level3.net [4.68.114.6]
12 20 ms 17 ms 20 ms grc.com [4.79.142.200]
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,19756562 Mon, 07 Jan 2008 17:24:24 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756535 Anonymous_ : loads Very fast for me]]> http://www.dslreports.com/forum/remark,19756535 Mon, 07 Jan 2008 17:19:48 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756531 Lanik : Thanks my DNS seems to be fine but I can't pull up the site via its IP or the host name. I'll try again when I get to work.
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,19756531 Mon, 07 Jan 2008 17:18:59 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756525 Anonymous_ : try: 4.79.142.200
i get very low pings to the site 33ms

(must be located in Los Angeles)]]> http://www.dslreports.com/forum/remark,19756525 Mon, 07 Jan 2008 17:16:59 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756522 Just Bob :

said by TalkRadio

:

I am able to reach it with no problem as of 5:00PM EST. It sets two cookies (www.grc[1].txt & www.grctech[1].txt) too. I don't recall this site has setting or using cookies either. They both expire on 12/31/2045. I thought this guy was all about privacy and didn't even like the ideas of cookies?

»www.grc.com/privacy.htm
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/remark,19756522 Mon, 07 Jan 2008 17:16:45 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756517 qrkx :

said by TalkRadio

:

I thought this guy was all about privacy and didn't even like the ideas of cookies?

He invented SYN cookies. And stealth too.

But that is only if I remember correctly...

As for the massive DDos SYN flood I hope all bots participating - yes both of them - will cease fire!

rgds]]> http://www.dslreports.com/forum/remark,19756517 Mon, 07 Jan 2008 17:15:25 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756461 TalkRadio : I am able to reach it with no problem as of 5:00PM EST. It sets two cookies (www.grc[1].txt & www.grctech[1].txt) too. I don't recall this site has setting or using cookies either. They both expire on 12/31/2045. I thought this guy was all about privacy and didn't even like the ideas of cookies?]]> http://www.dslreports.com/forum/remark,19756461 Mon, 07 Jan 2008 17:05:04 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756431 Lanik : Yes, I still can't pull it up. :hmm:
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,19756431 Mon, 07 Jan 2008 17:00:18 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19756391 Anonymous_ : is this what the site should look like?

]]> http://www.dslreports.com/forum/remark,19756391 Mon, 07 Jan 2008 16:55:10 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755998 Doctor Four : It was indeed an attack - a posting to grc.news on their
temporary newsgroup server says so:

»12078.net/grcnews/article.php?id···news#824

quote:
Gang,

As you can see, we are back up (for the time being) after being
pushed off the Net by a massive, classic, DDoS TCP SYN flood.

This is the first attack we've suffered since we've been with
Level3 that was beyond our ability to handle with GRC's own
technology.

The attack began in the early hours of Sunday morning, at about
9:14 GMT (1:14 am PST) and is still ongoing.

I hope that whoever decided to aim their bot fleet at us had
simply left it running and aimed at us and is not bound and
determined to keep GRC off the Net ... because they have the
bandwidth to do so.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,19755998 Mon, 07 Jan 2008 15:47:37 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755987 La Luna :

said by Just Bob

:

....Do you think it might be weather related?

There is/was some seriously bad weather out west.

FWIW, I just tried, page loaded instantly from here.]]> http://www.dslreports.com/forum/remark,19755987 Mon, 07 Jan 2008 15:46:28 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755963 Lee GWB : fine here in NJ\]]> http://www.dslreports.com/forum/remark,19755963 Mon, 07 Jan 2008 15:43:01 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755949 Lanik : Sure ... sure we all know who did it. :D

*wink* *wink* *nudge* *nudge*
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,19755949 Mon, 07 Jan 2008 15:41:31 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755940 Daniel : He paid me to attack him. Good publicity.

j/k

(I wasn't paid)

j/k

No, seriously...I kid. Seriously.
--
dmiessler.com -- grep understanding knowledge]]> http://www.dslreports.com/forum/remark,19755940 Mon, 07 Jan 2008 15:39:46 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755746 Sindows 7 :

said by jmn1207

said by Doctor Four

:

His site's been under attack before. So I would not be
surprised to hear that it is happening again.

ya I was just thinking, he may be attacking his own site for testing?

I'm sure the will be a "security now" podcast about it..]]> http://www.dslreports.com/forum/remark,19755746 Mon, 07 Jan 2008 15:06:26 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755670 Traxless : The grc.com site is up from this part of the world.
--
Very funny, Scotty. Now beam down my clothes.]]> http://www.dslreports.com/forum/remark,19755670 Mon, 07 Jan 2008 14:52:24 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755564 jmn1207 :

said by Doctor Four

:

His site's been under attack before. So I would not be
surprised to hear that it is happening again.

Yep, he is a target. These attacks are probably the best thing for driving more traffic and gaining notoriety. Gibson has a flair for the dramatics, and the consequent discussions about these attacks are often entertaining to peruse.]]> http://www.dslreports.com/forum/remark,19755564 Mon, 07 Jan 2008 14:36:01 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19755532 Just Bob : I get no response from www.grc.com, but grc.com (4.79.142.200)looks to be healthy.

Do you think it might be weather related?
--
I do hereby call for more authoritative links and fewer opinions.
]]> http://www.dslreports.com/forum/remark,19755532 Mon, 07 Jan 2008 14:30:45 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19754406 Doctor Four : Still down as of this morning.

His site's been under attack before. So I would not be
surprised to hear that it is happening again.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,19754406 Mon, 07 Jan 2008 11:06:10 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19753603 HA Nut : Yeah, I noticed this too on Sunday. Either server issues or getting hammered!]]> http://www.dslreports.com/forum/remark,19753603 Mon, 07 Jan 2008 07:42:49 EDT Re: GRC.com under attack? http://www.dslreports.com/forum/remark,19753488 Bob Anderson : Something is wrong, that's for sure.

-Bob]]> http://www.dslreports.com/forum/remark,19753488 Mon, 07 Jan 2008 06:20:28 EDT GRC.com under attack? http://www.dslreports.com/forum/remark,19753484 Mele20 : Anyone know what is going on at GRC.com? The Newsgroup server has been down for about 24 hours and currently the site will not load.

]]> http://www.dslreports.com/forum/remark,19753484 Mon, 07 Jan 2008 06:16:49 EDT