Politics : Formerly About Applied Materials

To: FJB who wrote (47910), 6/13/2001 9:07:58 PM
From: Math Junkie
 
OT

He only has one complaint as far as I can see. The heart of the matter is contained in this excerpt from his letter to Microsoft (from the link I previously posted):

Windows 2000 and the forthcoming new MS platforms offer something never before seen in any Microsoft platform: A complete implementation of the Windows sockets RAW SOCKETS specification.

While, as a networking developer, I *love* the idea of having this much power, there is a serious DARK SIDE to this which troubles me greatly: For the first time ever, software running on Windows platforms -- including, presumably, the Home-Targeted Windows XP -- will be able to trivially generate IP packets carrying spoofed Source IP addresses.

Before now, the many tens of thousands of Trojans and Zombies being installed into insecure Windows boxes across the Internet on high-bandwidth connections have been COMPLETELY UNABLE to spoof their source IP's. This has been a blessing, since, until now, only UNIX derived boxes have had complete RAW_SOCK support.

But with Windows 2000, and WinXP, etc. ... Windows applications will be able to forge their "return address" -- which spells catastrophe for the integrity of the Internet.


The following excerpt from actual hacker source code displays great enthusiasm for this feature's potential for mischief:

> 6. Some words about DDoS from Windows OS.
> The new feature IP_HDRINCL that comes with win2k can make
> windows to a powerful DDoS server because it enables IP-
> spoofing!
>
> THE IP_HDRINCL
> setsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt,
> sizeof(bOpt));
>
> That means win2k-servers can become a base for DDoS that
> is equal to Unix servers.


Do you think that the ability to spoof source IPs on widely available consumer machines will not be a problem, and if so, why?