ZDNet - Tech Update - "Security issues move Linksys routers off the short list"

Just sharing...

http://techupdate.zdnet.com/techupda..._and_DDoS.html



--

To reply by e-mail, remove the "-nospam-" from the reply to address

On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh

>Just sharing...
>
>http://techupdate.zdnet.com/techupda..._and_DDoS.html


"David Berlind's Reality Check"?

Seriously, the one who needs a reality check may be David Berlind
himself. Complaining about port 113 being closed as opposed to stealth
while considering UPnP for firewall devices is a good thing clearly
shows how David Berlind doesn't know enough about the topic at hand to
be considered an expert giving advice to others.



Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Lars M. Hansen wrote:
> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>
>> Just sharing...
>>
>>
http://techupdate.zdnet.com/techupda..._and_DDoS.html
>
>
> "David Berlind's Reality Check"?
>
> Seriously, the one who needs a reality check may be David Berlind
> himself. Complaining about port 113 being closed as opposed to stealth
> while considering UPnP for firewall devices is a good thing clearly
> shows how David Berlind doesn't know enough about the topic at hand to
> be considered an expert giving advice to others.
>
>
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)

If you have a quantitative viewpoint on the article, I for one will be
happy to read what you have to say.

Q

The majority of people are not going to scan IP addresses in order to find
targets for DoS attacks (especially, when all one has to do is look at the
headers of e-mail messages from people who one does not like). Sure, there
might be occasional random DoS attacks, but those are unlikely to last for a
long time and are unlikely to originate from more than a few hosts. Sure,
the presence of a port that responds to incoming connections might subject
ones other ports to increased scanning. However, neither of these two are
exceptionally worrisome.

I would be much more worried if Linksys routers could be remotely
compromised to give people access to a LAN (e.g. by placing a computer into
the DMZ). As long as that is not the case, I'm not worried. As far as UPnP
is concerned, there has to be a way of allowing certain ports to be
forwarded; and manually configuring ports is too difficult for most home
users. Sure, UPnP could be exploited by worms to communicate with one
another, and UPnP could allow poorly-written applications to compomise a
computer behind an otherwise properly-configured router, but UPnP alone will
not allow a worm to propagate to a computer that is behind a router that
does not allow incoming connections.

-Yves

"Quaoar" <(E-Mail Removed)> wrote in message
news:GuednXJPypp1IuvdRVn-(E-Mail Removed)...
> Lars M. Hansen wrote:
> > On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
> >
> >> Just sharing...
> >>
> >>
>
http://techupdate.zdnet.com/techupda..._and_DDoS.html
> >
> >
> > "David Berlind's Reality Check"?
> >
> > Seriously, the one who needs a reality check may be David Berlind
> > himself. Complaining about port 113 being closed as opposed to stealth
> > while considering UPnP for firewall devices is a good thing clearly
> > shows how David Berlind doesn't know enough about the topic at hand to
> > be considered an expert giving advice to others.
> >
> >
> >
> > Lars M. Hansen
> > http://www.hansenonline.net
> > (replace 'badnews' with 'news' in e-mail address)
>
> If you have a quantitative viewpoint on the article, I for one will be
> happy to read what you have to say.
>
> Q
>
>

Lars M. Hansen <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>
>>Just sharing...
>>
>>http://techupdate.zdnet.com/techupda...ys_routers_and
>>_DDoS.html
>
>
> "David Berlind's Reality Check"?
>
> Seriously, the one who needs a reality check may be David Berlind
> himself. Complaining about port 113 being closed as opposed to stealth
> while considering UPnP for firewall devices is a good thing clearly
> shows how David Berlind doesn't know enough about the topic at hand to
> be considered an expert giving advice to others.

I agree. He seems to be getting all excited about something he knows little
about. Complaining about using a port closed in one breath then suggesting
UPnP to be used the next.

Lots of people are using the Linksys routers and getting better than
average security compared to people who've got nothing. And I've seen just
as many Zone Alarm misconfigurations to know that it's not really any
"safer". I spent an entire weekened trying to remotely get my sister's
Zone Alarm config to work properly with VNC before we finally uninstalled
it. Not that I'm bashing a free product but seriously, they all have their
issues.

Anyone who is willing to spend the low price to put one of these cheap DSL
/ cable routers on in front of their PC is getting at least some basic
level of security that the majority of users out there simply don't have or
are not using (ie XP / 2003 internet security). I found it laughable that
the author suggests he'd be going with Netgear, as if their support is
somehow so much better. All the support in this price range leaves
something to be desired, but in my opinion these hardware devices require
less support than the comparable software solutions.

Mr. Grinch wrote:
> Lars M. Hansen <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>>
>>> Just sharing...
>>>
>>>
http://techupdate.zdnet.com/techupda...ys_routers_and
>>> _DDoS.html
>>
>>
>> "David Berlind's Reality Check"?
>>
>> Seriously, the one who needs a reality check may be David Berlind
>> himself. Complaining about port 113 being closed as opposed to
>> stealth while considering UPnP for firewall devices is a good thing
>> clearly shows how David Berlind doesn't know enough about the topic
>> at hand to be considered an expert giving advice to others.
>
> I agree. He seems to be getting all excited about something he knows
> little about. Complaining about using a port closed in one breath
> then suggesting UPnP to be used the next.
>
> Lots of people are using the Linksys routers and getting better than
> average security compared to people who've got nothing. And I've
> seen just as many Zone Alarm misconfigurations to know that it's not
> really any "safer". I spent an entire weekened trying to remotely
> get my sister's Zone Alarm config to work properly with VNC before we
> finally uninstalled it. Not that I'm bashing a free product but
> seriously, they all have their issues.
>
> Anyone who is willing to spend the low price to put one of these
> cheap DSL / cable routers on in front of their PC is getting at least
> some basic level of security that the majority of users out there
> simply don't have or are not using (ie XP / 2003 internet security).
> I found it laughable that the author suggests he'd be going with
> Netgear, as if their support is somehow so much better. All the
> support in this price range leaves something to be desired, but in my
> opinion these hardware devices require less support than the
> comparable software solutions.

Three ad hominem replies about why Berlind knows nothing, but nothing
quantitative about why he is incorrect. Suspect the posters themselves
know nothing.

Q

thanks for keeping count and adding nothing.

--

"Quaoar" <(E-Mail Removed)> wrote in message
news:cMSdnfPuv6G_YOvdRVn-(E-Mail Removed)...

> Three ad hominem replies about why Berlind knows nothing, but nothing
> quantitative about why he is incorrect. Suspect the posters themselves
> know nothing.
>
> Q
>
>

On Fri, 9 Apr 2004 09:23:18 -0600, Quaoar spoketh

>Lars M. Hansen wrote:
>> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>>
>>> Just sharing...
>>>
>>>
>http://techupdate.zdnet.com/techupda..._and_DDoS.html
>>
>>
>> "David Berlind's Reality Check"?
>>
>> Seriously, the one who needs a reality check may be David Berlind
>> himself. Complaining about port 113 being closed as opposed to stealth
>> while considering UPnP for firewall devices is a good thing clearly
>> shows how David Berlind doesn't know enough about the topic at hand to
>> be considered an expert giving advice to others.
>>
>>
>>
>> Lars M. Hansen
>> http://www.hansenonline.net
>> (replace 'badnews' with 'news' in e-mail address)
>
>If you have a quantitative viewpoint on the article, I for one will be
>happy to read what you have to say.
>
>Q
>

David Berlind (DB) writes: "To the extent that national security relies
on the vitality of the economy, I consider the mDDoS a significant
threat to our national security."
http://techupdate.zdnet.com/techupda...S_attacks.html

Seriously? A script-kiddies ability to use two servers to knock out a
cheap NAT router is a threat to national security? Wouldn't such a
"mini-DDoS" attack on multiple servers be considered an actual DDoS
attack? And, just because two servers where used to knock out one
router, it's suddenly classified "mini"?. Sounds like someone want's to
be another Steve Gibson and "invent" some totally nonsensical term for
something internet related in order to get their name written down in
the annals of the internet.

DB writes: "Firewall ports have three modes: open, closed, and stealth."
http://techupdate.zdnet.com/techupda..._and_DDoS.html

Ports only have two states: Open or closed. "Stealth" is not a normal
state of any port, firewalled or not. "Stealth" is an open port that
doesn't send a RST after receiving a SYN. In Mr. Berlind's brush with
his "mDDoS", having port 113 being "stealth" rather than closed probably
wouldn't have made any difference, as I suspect the attacker really
didn't care if there was any ACKs or RSTs being returned (a simple SYN
flood).

DB writes: "The stealth mode hides a port's existence altogether (if all
ports are stealthed, the existence of the entire Internet connection is
basically hidden)"
http://techupdate.zdnet.com/techupda..._and_DDoS.html

Actually, the complete lack of responses are a loud and clear "I'm here,
and I have firewall dropping your packets" response. There's nothing
stealthy about that at all.

DB quotes Steve Gibson: "When a user connects to an IRC server, that
server turns around and makes an IDENT query back to the user's system."

"But that practice, which dates back to the early 90's, has long since
stopped."
http://techupdate.zdnet.com/techupda..._and_DDoS.html

If that were only true. IRC is not the only service that uses IDENT.
Many SMTP servers still uses IDENT, including those of several large
ISPs. Stealthing port 113 may cause significant delays when sending
e-mails, as the mail server has to wait for it's IDENT connection to
time out rather than simply getting an "RST" from you.

Can't argue with Gibsons' thoughts on UPnP, though. Hopefully, Mr.
Berlind will soon share that opinion as well.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

on Fri, 9 Apr 2004 13:44:33 -0600, Quaoar spoketh

>
>Three ad hominem replies about why Berlind knows nothing, but nothing
>quantitative about why he is incorrect. Suspect the posters themselves
>know nothing.
>
>Q
>

Wrong #1: Ports have 3 states: open, closed, stealth.
Wrong #2: mini-DDoS is a "national security issue".
Wrong #3: UPnP is good.
Wrong #4: mini-DDoS.
Wrong #5: Stealth makes your computer "basically hidden".
Wrong #6: Stealth would have solved his "mDDoS" issue.

That pretty much sums up the quantitive part of his three articles
regarding this "mDDoS" that he's invented.

Now, maybe you can do a "quantative" on why he's right...


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Also, I think the average home user will experience many more wireless
interruptions due to neighbors with microwaves, cordless phones, and evil
channel-hogging 108Mbps access points than due to DoS attacks.

-Yves

"Quaoar" <(E-Mail Removed)> wrote in message
news:cMSdnfPuv6G_YOvdRVn-(E-Mail Removed)...
> Mr. Grinch wrote:
> > Lars M. Hansen <(E-Mail Removed)> wrote in
> > news:(E-Mail Removed):
> >
> >> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
> >>
> >>> Just sharing...
> >>>
> >>>
> http://techupdate.zdnet.com/techupda...ys_routers_and
> >>> _DDoS.html
> >>
> >>
> >> "David Berlind's Reality Check"?
> >>
> >> Seriously, the one who needs a reality check may be David Berlind
> >> himself. Complaining about port 113 being closed as opposed to
> >> stealth while considering UPnP for firewall devices is a good thing
> >> clearly shows how David Berlind doesn't know enough about the topic
> >> at hand to be considered an expert giving advice to others.
> >
> > I agree. He seems to be getting all excited about something he knows
> > little about. Complaining about using a port closed in one breath
> > then suggesting UPnP to be used the next.
> >
> > Lots of people are using the Linksys routers and getting better than
> > average security compared to people who've got nothing. And I've
> > seen just as many Zone Alarm misconfigurations to know that it's not
> > really any "safer". I spent an entire weekened trying to remotely
> > get my sister's Zone Alarm config to work properly with VNC before we
> > finally uninstalled it. Not that I'm bashing a free product but
> > seriously, they all have their issues.
> >
> > Anyone who is willing to spend the low price to put one of these
> > cheap DSL / cable routers on in front of their PC is getting at least
> > some basic level of security that the majority of users out there
> > simply don't have or are not using (ie XP / 2003 internet security).
> > I found it laughable that the author suggests he'd be going with
> > Netgear, as if their support is somehow so much better. All the
> > support in this price range leaves something to be desired, but in my
> > opinion these hardware devices require less support than the
> > comparable software solutions.
>
> Three ad hominem replies about why Berlind knows nothing, but nothing
> quantitative about why he is incorrect. Suspect the posters themselves
> know nothing.
>
> Q
>
>