[BBLISA] Question about Network analysis tools

Dean Anderson dean at av8.com
Thu Jan 8 14:58:47 EST 2004


I'm not sure what all the fuss is about regarding Gibson. Steve Gibson has
done some worthwhile investigation of virus and distributed DOS attacks,
including disassembling the virus and contacting the operator of the
virus, and convincing them to stop.  He has about as much right to label 
himself a "security expert" as anyone else.  No one knows everything.

Gibson is a programmer, selling software.  Obviously, it isn't perfect. I
did look over the grcsucks site, and read the parts about the Brady &
Associates issue. Apparently, users of Gibson's stuff also used Brady's
stuff, and mistakenly filed complaints about their own scans because they
didn't understand Gibson's software, nor did they understand Brady's
software. Brady and GRCSucks try to put the blame on Gibson. But I would
say that blame is on Brady, too. If your users don't understand your
software, and make false complaints because they don't understand what
they are doing, then part of the blame rests on the software, which
includes Brady's.  But the biggest part of the blame is on the user.

I haven't used Shield's Up, but whether it scans 10 ports or the whole
range probably doesn't matter for most PC users. They only have a small
number to worry about on these M$ machines.  Obviously, if you are
offering a remote scanning service, you would want to limit the bandwidth
consumed, and if 10 ports will do the job you want, then it's worth it to
do only 10. But of course, that tends to limit the utility of Shield's Up.  
Probably, Shield's Up isn't going to be suitable for anyone on this list.

Quite a lot of the diatribe on grcsucks involves nits such as the use of
"hackers" vs. "crackers" to describe people conducting unauthorized
computer break-in activity.  Just nonsense criticisms and a lot of highly
qualified untestable "opinions", which they try to pass off as "Researched
Facts and Opinions".  For example, in the introduction they claim:

   Gibson worked for years as a marketer.  Gibson founded a
   proprietorship specializing in media advertising and public relations,
   and that's what he is really good at.

And they include a link to his resume. I just looked it over. He worked as
a marketer from 1977 to 1979, until he was 23. After that, he has been a
programmer/engineering manager/technical writer. Before then he was a
programmer, too.  Impressively, he was a high school intern at the
Stanford AI Lab--those aren't given out to idiots.  I'd have to say the
grcsucks description above as a marketer is highly misleading.  But anyone
that owns their own business is a marketer, whether or not they have
marketing skills.

Another problem with the grcsucks site that attracted my attention was
the quote of Steve Gibson saying:

   It is my intention to carefully and completely explain, to the entire
   world, exactly why there is no defense against the sorts of clever
   Internet attacks you guys can create 

And then grcsucks goes on to dispute this.  In fact, Gibson is right.  No
system is completely secure. There are always vulnerabilities.  There are
vulnerabilities you know about and vulnerabilities you don't know about.  
Ironically, it's the ignorant "security experts" who claim otherwise. So it
seems to me that Steve Gibson knows more about security than the grcsucks
people do.

It is just annoying that the people at grcsucks.com can't figure out how
to set up a web counter, though.  They used Geocounter.net, which isn't
working.

Anyway, I use nmap for scanning.  But I would say that you would be better 
off using netstat -an on the system you are about to deploy.  And using an 
ip filtering system to limit it to those that you intend to use. There are 
other measures you can take, as well.

		--Dean
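
The netstat check suggested in the message above, as an added example that is not part of the original post: a shell function that reads `netstat -an` output and reports every listening socket whose protocol/port is not on the list of services you intend to run, which is the list an IP filter would then be built from. The function name, the `proto/port` list format and the sample rows are assumptions made for this example; the sample mixes Linux-style and BSD-style rows.

```shell
#!/bin/sh
# Added example. Reads `netstat -an` text on stdin and prints each listening
# TCP or unconnected UDP socket whose proto/port is NOT in the intended list.
# Assumes Linux (addr:port) or BSD (addr.port) column layout.
unexpected_listeners() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        proto = $1; sub(/[0-9]+$/, "", proto)         # tcp4, tcp6, tcp46 -> tcp
        if (proto == "tcp" && $NF != "LISTEN") next    # skip established etc.
        if (proto == "udp" && substr($5, length($5)) != "*") next  # connected UDP
        port = $4; sub(/^.*[:.]/, "", port)            # text after last : or .
        addr = $4; sub(/[:.][^:.]*$/, "", addr)        # text before it
        key = proto "/" port
        if (key in ok) next                            # intended service
        scope = (addr ~ /^127\./ || addr == "::1" || addr == "localhost") \
                ? "loopback" : "exposed"
        printf "%s %s %s\n", key, $4, scope
    }'
}

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
tcp4       0      0 *.6000                  *.*                     LISTEN
EOF
}

# Intended services for this hypothetical host: ssh and http only.
sample_netstat | unexpected_listeners tcp/22 tcp/80
# On the machine being deployed: netstat -an | unexpected_listeners tcp/22 tcp/80
```

Each line reported is a service to turn off or a port for the IP filter to block; "loopback" rows are not reachable from the network but are still worth confirming as intended.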




