Ipv6 vulnerability explained

In depth discussion, of the Microsoft IPV6 flaw/virus/exploit, and
several potential protection avenues.

My choice is simply to dump anything Microsoft, as I did in 1997, and
choose GNU/Linux, ( Linuxmint.com ), one of the BSDs, as has Microsoft
corporation, beginning with the Hotmail acquisition in 1997!

Now, all MSN and Hotmail servers run Linux or BSD. All Microsoft update
servers, and all tech. support lines are behind Linux servers!

MS leases 15,000 Akamai Linux servers, runs 400 Aruba Linux
firewall/routers on the MS Corp. network. The MS development lab sports
over 500 Linux workstations.

Microsoft runs on Professional grade OSes BSD and GNU/Linux.

http://samsclass.info/ipv6/proj/flood-router6a.htm

Le 18/07/2011 17:54, BigRedTruck a écrit :
> In depth discussion, of the Microsoft IPV6 flaw/virus/exploit, and
> several potential protection avenues.

This is a LAN exploit, which limit ( a bit) the risks ? (a DOS on a LAN
is still possible, and can be really annoying, but at least you cna not
DOS a remote machine)

> Now, all MSN and Hotmail servers run Linux or BSD. All Microsoft update
> servers, and all tech. support lines are behind Linux servers!

Do they ?

$ lynx -head -source http://www.hotmail.com/ | grep Server
Server: Microsoft-IIS/6.0

$ lynx -head -source http://www.msn.com/ | grep Server
Server: Microsoft-IIS/6.0

On 18.07.2011 20:21, Xavier Roche wrote:
>
> This is a LAN exploit, which limit ( a bit) the risks ? (a DOS on a LAN
> is still possible, and can be really annoying, but at least you cna not
> DOS a remote machine)

You can DoS a remote machine if it's on the same network as a
compromised host under your control.

And it's incredibly easy to do and requires no extra software. MS
definitely should issue a fix ASAP.

On Monday 18 July 2011 17:54 in comp.os.linux.networking, BigRedTruck
enlightened humanity with the following words...:

> In depth discussion, of the Microsoft IPV6 flaw/virus/exploit, and
> several potential protection avenues.
>
> My choice is simply to dump anything Microsoft, as I did in 1997, and
> choose GNU/Linux, ( Linuxmint.com ), one of the BSDs, as has Microsoft
> corporation, beginning with the Hotmail acquisition in 1997!
>
> Now, all MSN and Hotmail servers run Linux or BSD.

No, not anymore. This was the case when Microsoft acquired Hotmail, but
then somewhere in the early 2000s they converted evertything to NT 4.0
and Windows 2000. That's why things went grossly wrong over at Hotmail.
Service unavailability, exploits, you name it.

> All Microsoft update servers, and all tech. support lines are behind
> Linux servers!

I seriously doubt that, because that's not Microsoft's style. However,
they are probably using GNU/Linux for firewalling, that much is true.
And they do have a "Linux Lab", where they try to figure out how to
steal ideas frm GNU/Linux (or FOSS in general) for reimplementation in
their own products without anyone noticing it.

This is exactly why they have released Hyper-V as GPL'd. They got
caught red-handed while hard-linking a GPL'd network driver in Hyper-V.
They then put a spin on that story and claimed that they were releasing
Hyper-V under the GPL in order to allow the Linux kernel to run on
Hyper-V. The Hyper-V support code was briefly adopted in the mainline
Linux kernel, but from then on Microsoft no longer seemed interested in
maintaining the code, and eventually the code was dropped from the Linux
kernel again.

Microsoft and GPL do not mix. The GPL goes against everything Microsoft
stands for, which is the leveraging of power - yes, power, not money.

> MS leases 15,000 Akamai Linux servers, runs 400 Aruba Linux
> firewall/routers on the MS Corp. network.

Now _that_ is true.

> The MS development lab sports over 500 Linux workstations.

I'm not sure on the numbers, but yes, they have what they term a "Linux
Lab". But their intent is of course not to develop Free Software, or
software that runs in GNU/Linux. Their intent is to try and steal from
GNU/Linux, and possibly to look for leverage for patent trolling,
although the odds to that must be very small or else they would already
have done that by now.

> Microsoft runs on Professional grade OSes BSD and GNU/Linux.

Not microsoft.com itself, but they do have GNU/Linux and BSD machines,
that's true.

--
Aragorn
(registered GNU/Linux user #223157)

On Monday 18 July 2011 20:37 in comp.os.linux.networking, KR enlightened
humanity with the following words...:

> On 18.07.2011 20:21, Xavier Roche wrote:
>
>> This is a LAN exploit, which limit ( a bit) the risks ? (a DOS on a
>> LAN is still possible, and can be really annoying, but at least you
>> cna not DOS a remote machine)
>
> You can DoS a remote machine if it's on the same network as a
> compromised host under your control.

Don't forget smurf attacks. We've had our network attacked in that way
in the past.

> And it's incredibly easy to do and requires no extra software. MS
> definitely should issue a fix ASAP.

Microsoft only issues fixes for vulnerabilities which become a big
enough issue in the public opionion. Even if they know a vulnerability
to exist, then they still won't patch it for as long as nobody else
seems to notice.

If Microsoft really cared about technical excellence, then they wouldn't
be selling licenses for that abomination called Windows. They'd be
contributing to the development of GNU/Linux or another FLOSS project,
or they'd be releasing a proprietary UNIX variant.

Speaking of which, they did at the time have a joint project with SCO -
the original Santa Cruz Operation, not Caldera Systems, alias "the SCO
Group" - for Xenix, a 16-bit real mode UNIX clone for the Intel i8086
processor.

All Microsoft cares about is power. Not even money. Money is just a
tool, and in this society, it doesn't matter how much money you have.
What matters is who has it and who doesn't. And Microsoft, as an ultra-
corporatist and cryptofascist entity, understands that game very well.

--
Aragorn
(registered GNU/Linux user #223157)

In article <j02kbf$4pd$(E-Mail Removed)>, (E-Mail Removed)d
(Aragorn) writes:

> This is exactly why they have released Hyper-V as GPL'd. They
> got caught red-handed while hard-linking a GPL'd network driver
> in Hyper-V. They then put a spin on that story and claimed that
> they were releasing Hyper-V under the GPL in order to allow the
> Linux kernel to run on Hyper-V. The Hyper-V support code was
> briefly adopted in the mainline Linux kernel, but from then on
> Microsoft no longer seemed interested in maintaining the code,
> and eventually the code was dropped from the Linux kernel again.

Sounds like the Win98/Java fiasco all over again. Some things
never change.

> I'm not sure on the numbers, but yes, they have what they term a
> "Linux Lab". But their intent is of course not to develop Free
> Software, or software that runs in GNU/Linux. Their intent is
> to try and steal from GNU/Linux, and possibly to look for leverage
> for patent trolling, although the odds to that must be very small
> or else they would already have done that by now.

They're probably also looking for subtle ways to break compatibility,
like the Win2K patch that would cause any attempts to connect to
another machine for file sharing to first send an invalid command
and examine the error message that came back. That way it could
detect whether the remote machine was running Samba and refuse to
work if so. (All hail the open source community; a patch that made
Samba successfully spoof a Microsoft SMB server was out in days.)

--
/~\ (E-Mail Removed)d (Charlie Gibbs)
\ / I'm really at ac.dekanfrus if you read it the right way.
X Top-posted messages will probably be ignored. See RFC1855.
/ \ HTML will DEFINITELY be ignored. Join the ASCII ribbon campaign!

On Wednesday 20 July 2011 18:15 in comp.os.linux.networking, Charlie
Gibbs enlightened humanity with the following words...:

> In article <j02kbf$4pd$(E-Mail Removed)>, (E-Mail Removed)d
> (Aragorn) writes:
>
>> This is exactly why they have released Hyper-V as GPL'd. They
>> got caught red-handed while hard-linking a GPL'd network driver
>> in Hyper-V. They then put a spin on that story and claimed that
>> they were releasing Hyper-V under the GPL in order to allow the
>> Linux kernel to run on Hyper-V. The Hyper-V support code was
>> briefly adopted in the mainline Linux kernel, but from then on
>> Microsoft no longer seemed interested in maintaining the code,
>> and eventually the code was dropped from the Linux kernel again.
>
> Sounds like the Win98/Java fiasco all over again. Some things
> never change.

Well, I don't really know about that one. The only Windows versions I
have used on my own computers are Windows 3.0/3.1 on DOS (for six
months, pending the official availability of IBM's OS/2 2.0) and Windows
NT 4.0 Workstation (for two years).

In my opinion, Win95/98/ME were a scam. And in hindsight, so was NT.

>> I'm not sure on the numbers, but yes, they have what they term a
>> "Linux Lab". But their intent is of course not to develop Free
>> Software, or software that runs in GNU/Linux. Their intent is
>> to try and steal from GNU/Linux, and possibly to look for leverage
>> for patent trolling, although the odds to that must be very small
>> or else they would already have done that by now.
>
> They're probably also looking for subtle ways to break compatibility,

Oh, but of course! If it doesn't have a Microsoft patent attached to
it, they refuse to be compatible with it. That's why they were pushing
MS-OOXML as an internationally acknowledged document format. It gave
them an excuse to not be compatible with ODF.

> like the Win2K patch that would cause any attempts to connect to
> another machine for file sharing to first send an invalid command
> and examine the error message that came back. That way it could
> detect whether the remote machine was running Samba and refuse to
> work if so. (All hail the open source community; a patch that made
> Samba successfully spoof a Microsoft SMB server was out in days.)

And a UNIX machine running Samba actually outperforms a genuine Windows
server, is more stable and robust, and can act as a Samba domain
controller. ;-)

--
Aragorn
(registered GNU/Linux user #223157)