
CHAOS MANOR MAIL

A SELECTION

MAIL 88 February 14 - 20, 2000

 


Send mail to: jerryp@jerrypournelle.com

The current page will always have the name currentmail.html and may be bookmarked. For previous weeks, go to the MAIL HOME PAGE.


IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature.

I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too...  I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. 



Boiler Plate:

If you want to PAY FOR THIS there are problems, but I keep the latest HERE. I'm trying. MY THANKS to all of you who sent money.  Some of you went to a lot of trouble to send money from overseas. Thank you! There are also some new payment methods. I am preparing a special (electronic) mailing to all those who paid: there will be a couple of these. I am also toying with the notion of a subscriber section of the page. LET ME KNOW your thoughts.

If this seems a lot about paying think of it as the Subscription Drive Nag. You'll see more.


This week:

Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday

TOP

Monday, February 14, 2000

St. Valentine's Day. If you are male and have a female significant other, be warned: they take it seriously if you forget. (I didn't. Aren't PDA's wonderful?)

First, my article with Roland Dobbins's memo attached about the DoS attacks is up at BYTE.COM and Roland has a correction.

http://www.byte.com/feature/BYT20000210S0010

has an incorrect URL for my firm, Data Systems West - it should be www.dsw.net.

Roland Dobbins


Next, I have received comments about the current column on utilities (that was fast!).

Do note: I can only report my own experiences. When I test software it is on machines that are pretty stable (because I have been using them a lot and know them to be) and if they have problems I report that as well. In the case of the utilities I used 4 different machines, all of them heavily used and all stable to the best of my knowledge, and my conclusions remain: if you are using Windows 98 SE or Windows 2000 you may be better off without the various "OS Crash Guard" and other OS level utilities. I think I am.

Hi Jerry -

I also have been a fan of Mijenix and installed the new System Suite 2000. I have had no problems at all with updates on the Internet, although I am using it on a stand-alone PC. The new anti-virus portion from Trend Micro is very good and the updates are very frequent now. The new uninstaller portion of the program is the only part I can say is buggy and has some real problems. I have contacted Mijenix and they are aware of them and hope to correct them in the next maintenance release.

Thanks for a great column,

Chris Hartmann
CHRIS HARTMANN BOOKSELLER, OUT-OF-PRINT & SCARCE BOOKS, 219 WA HARRIS RD, MORGANTON NC 28655-7021, 828-433-5478, hartmann@hci.net

I am sure many do not have problems or they wouldn't be able to sell the programs. I can only say that with Windows 2000 and Windows 98 SE systems my experiences were such that I have taken them off the system. It may be that had I been able to do the updates they wanted to do, it would have made a difference: but no attempt I made managed to get those downloads. I'll try again but I think they don't know how to deal with LAN access to the Internet. Norton certainly does, and I have used that all the time (but a Norton updated utility reset my machine unexpectedly; only once, and that when it was "fixing" problems, but it's still a bit frightening...)

Jerry,

I've been a real fan, albeit a quiet one, since the early days of Byte back in the 80's. Your recent article on Byte.com regarding Ontrack Utilities caught my interest because I have a similar configuration. I am running a 450 PIII system with the same 32 Meg. ATI Rage Fury card and Win 98 SE.

I have not experienced the problems you have described with the 2000 version of the utilities. I normally run at 800x600 and only have one other machine on my home network so my setup is not as complex as yours, but it seems to be working fine. The other machine is an older PII machine that shares a 56K dialup connection using Microsoft's ICS.

Regards

Douglas L. Rickenback 

Interesting, and thanks. Once again, it happened to me, and was a bit frightening: the Mijenix utility did something very odd to the screen. I may not have been patient enough, but it doesn't take much of that to get me concerned. I did these tests on several machines, all stable until the various utilities got into them...


And a question from a reader:

Sharing Outlook contacts with Linux ?

Dear Jerry,

I have several people using Outlook on Windows boxes. We are connected to a network running on a Linux server. Is there a way to share the Outlook contacts and calendars?

I have been trying with no success. I tried with Net Folders with no success.

What do you recommend?

Thank you and best regards. PS: I have been reading your writing for more than a decade now, with always great interest!

Yves-Michel MARTI President EGIDERIA Mail@egideria.com 

Thanks for the kind words. I haven't tried that; perhaps a reader knows. 

And Moshe Bar has a problem. I have never met him but we've worked together online enough that I'm looking forward to it. Can anyone help?

Dear Dr. Pournelle

I have a question that the vast pool of knowledge represented by your readers might resolve.

We want to allow customers to access our character-based application on the server with a browser. In other words, we want to have a terminal emulator based on the web. Does anybody know of any software (OpenSource or proprietary) that would allow us to do that? The web server is, obviously, a Linux machine.

Many thanks for any hint.

Regards

Moshe Bar ( emulatorsw@moelabs.com )

I have mail suggesting that the above address doesn't work. It's all I have... (See below: Moshe was the victim of a DoS attack. We also have the solution to the problem.)

Re: Moshe's problem

Certainly there's an answer. The magic words to Ask The Web<tm> (specifically Google) are "terminal emulator applet". He'll get half a dozen solutions to his problem. How much fancy emulation he needs will determine which answer will suit him best.

See? Only one copy.

Cheers, -- jra -- Jay R. Ashworth jra@baylink.com http://baylink.pitas.com

 


It began with a problem with Getright: it no longer leapt in to intercept downloads. When Getright works, it really works. If you download much and you don't have Getright, you're working far too hard. I fired off a note to help@headlightsw.com expecting a pointer to a FAQ.

I said: I cannot make getright accept anything to download or intercept any downloads. It looks to be all right. The icons are there. But I drag and nothing happens, and it don't intercept.

This is a windows 2000 system. I have a registered version. What am I doing wrong? Jerry Pournelle

Within ten minutes I got:

Probably recently upgraded to Win2000 :) That might have written over GetRight's Click monitoring settings. Go to the "monitor" tab of the configuration window and turn click monitoring off (close the window to apply the changes) then go back and turn click monitoring back on. That usually should solve the problem.

If that doesn't do it, The two attached files will turn some debugging things on and off. Run the "debug_on" one to turn it on, then click a few things that should be caught, then send the "GetRightClick.log" file from the GetRight directory so I can take a look. (Then run the "debug_off" one.)

-Michael Burford (getright) www.GetRight.com  PS: can't usually do 15 minute turn around on support...recognized the name tho :)

So: if you install Windows 2000 and have problems, here's the solution. It works. As to a 15 minute help, you probably won't get quite this level of technical support. I find I have to say this a lot... (The most famous time being when the Microsoft Windows 95 product managers were here and connected on line to a debugger in Redmond. You probably won't get quite that level of support...)


Is Windows 98 stable enough to use? I clearly think so (see the current, i.e. February 14 2000, at www.Byte.com); but:

Jerry,

I'm glad to hear that you haven't had many problems with Win98SE, "despite doing a lot of goofy things with it." And my experience has been similar with '"crash guards" and "system watch" programs [that] actually cause more problems than they fix.'

Unfortunately, I can't agree that Win98SE is good enough, or even better than Win95-OSR2. I maintain about 100 Windows PCs that are about 80% Win95 and 20% Win98SE. Most are Dells, and those with Win98 have at least 128MB of RAM and plenty of free hd space. But it is my Win98 users who are continually having problems.

About 5 of these lock up on exit--despite having installed Microsoft's Win98SE "Lockup on Exit" patch. All seem to load their antivirus program's components more than one time, even when the redundant load is unchecked in MSCONFIG--Win98 just sets up another new MSCONFIG line loading the program. When either Mcafee or Norton AV is loaded for a third time the system crashes. With either loaded twice the system runs out of resources earlier than it should.

I made the mistake of activating the Critical Updates feature and accepting the various (25 or more I think) Win98 security patches and the Java update on my own PC. After that Netscape could not access secure web sites through which I purchase equipment (but Internet Explorer could). When I reformatted my HD and reinstalled Win98SE, without the security/Java updates, Netscape worked again.

Another computer with an HP 4200 USB scanner worked without problem for 3 months, now the scanner causes a conflict with the built-in audio device which begins to screech and Win98SE locks up. When I uncheck the third reload of Mcafee it's fine until it is rebooted and the redundant reload occurs again.

I won't belabor the point any more, and to be fair some of my Win98SE computers have not had problems, but most have. And given the similarity of the computers I'm at a loss to explain the differences. Win95 crashes occasionally--and usually when it runs out of resources before it should, but my experience with Win98 has been even worse.

Thanks for a great column!

MK

That hasn't been my experience. Windows 98 First edition had problems but since we went to 98 SE those have pretty well gone away. I do have pretty clean hardware and I got rid of most of my older machines. Once in a while I have a shutdown problem, but it is never serious: works next startup. Maybe I better try torturing my systems a little more.

I use one 98 and one Windows 2000 box for most of what I do here, and that's a lot. They work OK for me. So far. Now.

Thanks.


Feb. 14

Dear Jerry:

I was glad to see the discussion on utilities programs. I have lots of anecdotal stories in that vein, my favorite was being told by a Dell tech rep some years ago to take Norton Anti-virus off my system as it was causing my video problems. As the kids used to say, NOT! It was a buggy video driver release coupled with a corruption of the WIN95 registry - nothing to do with Norton. But the third-party providers give tech support somebody "out-of-house" to blame...

I'm writing today, however, to warn you and others that the Ontrack Fix-It 2000 suite WILL disable Norton Systemworks, if you run the Fix-It RegistryFIXER program after you have installed Norton. It doesn't delete the Norton files, but removes their entries in the Registry. I've done this on three different computers over the past few weeks, and all suffered the same fate; luckily the Ontrack Undo feature works as advertised and puts everything back the way it was before. This also occurred under the original Mijenix Fix-It 1999 utilities. Purposeful or not, it is something Ontrack needs to fix.

I agree with you that Crashguard et al has ceased to be of value, if it ever was; WIN98SE is the OS we deserved but didn't get back in 1995 as far as stability is concerned, and makes using a Windows box an almost surprise-free experience. However I find that the defrag built into Fix-It 2000 as well as the RegistryFIXER (the Norton problem aside) are head & shoulders above the MS versions in power and speed, and significantly better than the Norton offerings as well.

As for your updating problem while it may well have been the network as you suspect it could also be that Ontrack's servers were overloaded; I had the same problem six months or more ago trying to update the original Mijenix Fix-It, called their tech support, and was told that the volume of traffic caused by the unexpectedly rapid growth in the user base was giving their servers fits. Try late at night or early in the AM.

All the best--

Tim Loeb

It WAS late at night, but I'll try again. I start with a healthy prejudice in favor of Mijenix, so I will keep working at it, but I sure didn't get a good feeling about any of it. The registry cleaner used to be vital; I expect it's still useful. I'll work on this some more. Thanks!


The following is from the Author's Guild regarding Carol Books. I have no books with that house, but I post this as a service:

Dear Member:

As you may know, Carol Publishing Group, Inc. has filed for Chapter 11 bankruptcy protection in United States Bankruptcy Court in New Jersey. Unfortunately, pending the conclusion of the case, the filing has indefinitely postponed the publisher's contractual obligations, including the duty to make the payments it owes to its authors, and to revert rights to authors whose books are out of print.

The Authors Guild has enlisted the help of Shalom Jacob, a seasoned bankruptcy attorney, to voice Carol authors' concerns directly to the Court. Of particular concern is the allegation by many authors that Carol has not accurately accounted for its debts to individual writers pursuant to the payment provisions of their contracts with the company.

In order for Carol to assign its book contracts to another company (a resolution that has been suggested), all pre-petition debts must be paid to the authors. In addition, the publisher acquiring the contracts must observe all of the obligations Carol had assumed to authors under the agreements. Other issues include whether Carol has failed to list all authors with claims as creditors in the bankruptcy papers (more than one-half of the Carol authors who have contacted the Guild with claims against the company are not listed as creditors in Carol's filings), as well as whether authors may be able to retrieve the rights to their books in some cases.

At 10:00 a.m. this Wednesday, February 16, the U.S. Trustee will make a motion before the Bankruptcy Court in Newark, New Jersey for the appointment of an examiner to review Carol's accounting records in order to determine its debts to individual authors. We are strongly in favor of this motion, and encourage all writers to attend the motion hearing if feasible, so as to send a strong message to the Court regarding the significance of authors' concerns in this proceeding.

To facilitate our advocacy on your behalf, we ask that you take a few moments to respond to the following questions, and reply to the Guild's Contract Services Department via return e-mail or fax:

1) Prior to the bankruptcy filing (on November 12, 1999), were you receiving royalty statements from Carol in accordance with the contract? When did you receive your most recent statement?

2) Have the royalty statements sent to you by Carol been accurate, in your estimation? If no, please elaborate.

3) What total amount of money, if any, in unpaid royalties, license fees, or other sources, do you estimate you are owed by Carol Publishing?

4) Have you earned out your advance?

5) Do you give your approval for Mr. Jacob to represent you at the hearing on Wednesday? There is no charge or further obligation to you for this service, and it will be helpful for the attorney to speak on behalf of as many authors as possible in order to impress the importance of their interests upon the Court.

6) If necessary, would you be willing at a later point to pay a reasonable retainer fee to support future services by Mr. Jacob on behalf of affected authors? What amount would you be willing to contribute?

7) Are you able and willing to attend the February 16 hearing? If so, we will forward details to you.

Thank you for your attention to these questions. Please direct any inquiries to the attention of Contract Services at staff@authorsguild.org, and put Carol Publishing in the subject line. Please also forward this message to other individuals and/or writers groups that may be interested.

Sincerely,

The Authors Guild, Inc. Contract Services Department



Tuesday, February 15, 2000

Dear Dr. Pournelle

I just knew your readers would be able to help me. Within a short time I got several emails from your readers telling me where I could find software that properly emulates the telnet protocol on a web browser.

Many thanks for sending me hints to:

Randall Randall
Rob Paterson
Steve R. Hastings
Carl E. Meyers
George Laiacona III

And of course many thanks to you for helping me out.

The places to find good browser-based telnet clients are:

http://www.mud.de/se/jta/

www.attachmate.com

It might be interesting to note that soon after you published my plea for help, my mail server at home (which is connected to the Net through aDSL) got flooded with hundreds of thousands of emails and other connections. As a result my mail server went down and I had to block several IPs at my router, but obviously the bandwidth was all gone. Although the U.S. is showing growing awareness of these problems, Europe is still very much incapable of even formulating its will to fight cyberterrorism.

Regards

Moshe Bar (emulatorsw@moelabs.com)

I have come to the conclusion that my readers collectively know everything. Since I sometimes pretend to know everything it's useful to have such wonderful sources...


Sounds like you lost the "cookie" that Amazon uses to enable the One-Click functionality. Perhaps the cookie was on Princess and you were using Parsifal to contact Amazon.com. Or the cookie got deleted through accident, or on purpose but by mistake. Anyway, when you identified yourself to Amazon by going through the "My Accounts" function all that happened is that the enabling cookie was sent to your current machine. As to why it never offered to turn One-Click back on -- it was because the server didn't have any way to tell who you were. I can imagine all sorts of problems if the ordering software tried to match stored One-Click profiles to individuals based on information gathered during checkout. Perhaps there would be few false positive hits on your name or mine, but imagine how many Joe Smiths or Juan Garcias there are in the world? It is probably safer to require the unique username/password combination before restoring the One-Click cookie...

Yes, I agree absolutely that the current state of the art in e-commerce on the Web is less than perfect. In fact, it's darned hard to implement an e-commerce site that is both easy to use and secure with today's technology. E-commerce today is like a dancing bear -- you shouldn't be too disappointed with the quality of the bear's dancing. The amazing thing is that it can dance at all.

Mike Strube mstrube@galstar.com

The setting got changed but I didn't change it. My real complaint is that Amazon doesn't make it easier to figure out how to get it back once it has gone away.

Political incorrectness: the original of that remark is Dr. Samuel Johnson: "A woman preaching is like a dog walking on its hind legs. You do not expect it to be done well, the astonishment is that it is done at all." But we don't say such things today (and in fact it ain't true: I've heard at least one decent sermon from a woman). Of course C. S. Lewis once observed that in his entire life he had heard no more than a dozen sermons that were not an insult to the intelligence...


Dear Jerry,

It was a very good, non-technical description of how a DDoS attack could be conducted. The included references were nice too: a link to a practical, test-my-own-machine-now link (p.4), and links to more theoretical, technical sites (Unix/Linux memo). But I cannot understand why, as you claim on p.1, "NT and Windows machines won't do as clients," at least not from a technical standpoint. I cannot understand why there should be any inherent difficulty in compromising, and executing client code on, the Win9x and NT architecture (I mean, Microsoft releases patches to cover up such holes). Or is there something different about DDoS attack clients that makes it impossible for them to be executed on Win9x/NT systems? If so, I would be very interested in a more technical explanation. Gibson's IP-Agent is Win9x software. Why would he make such a client, if those able to run it were at no risk?

I could understand why a "Waldo" would focus on permanently internet-attached computers with plenty of bandwidth, and therefore would be likely to target the vast number of Unix and Linux boxes out there. But if preference is your point, not some technical ability, I think you oversimplify too much. With the rapid rise of "always on" *DSL and cable modem connections, ordinary users (with any system architecture) run a risk of getting their systems compromised (IMHO).

PS. Your reference to the Gilbert Shelton classic made me laugh out loud (haven't thought about the Freak Brothers for years). But I could swear that it wasn't Fat Freddy, but Freewheeling Franklin (sp?), who shouted out about "Marinus van der Lubbe" (the man accused of torching the Reichstag in 1933).

Regards Peter H.S. (Denmark)

The short answer is that getting enough Windows systems as clients is much harder and generally has to be done one at a time, not by batch processes. The standard software to do the job isn't on those systems, so putting in a substitute that does the old job and stands ready to accept attack instructions. I have a long technical memo from Roland on this which I'll put up when I can, but in brief, if you can manage to compromise Windows systems for this, you can do far more lucrative things with your time. Compromising Linux and Unix systems is easy (if they haven't been fireproofed).

It was Fat Freddy.

Van der Lubbe was a halfwit (intellectually challenged, like he wasn't trying hard enough?) He was a Communist hanger on, who probably did set the fire at the instigation of Gestapo agents whom he probably thought were Communist higher ups giving him a chance to do something for the cause. That's my hazy recollection, anyway...

 

Subject: Cracking, DoS Attacks, and Cordwainer Smith

The recent news regarding cybernetic mayhem reminds me of an aphorism I picked up during the '60's:

Poor communications deter theft. Good communications promote theft. Perfect communications stop theft. --Paul Myron Anthony Linebarger, "Mother Hitton's Littul Kittons"

And, sooner or later, someone is going to try to do a Rod McBan on the world's markets. That, however, comes under the heading of legitimate, but dangerous, business activity, rather than cracking. I knew what a computer virus was back in 1970 or 1971, when I read David Gerrold's "When Harlie Was One." Does anyone have any earlier theoretical references to the problem?

Fiawol, James G. "Sourdough" Jackson jim.jackson2@state.co.us (work) jjackson@bwn.net (home)

Well, I wrote about viruses in my general science columns, but David was probably the first to use VIRUS and FLUSHOT in stories. Was Harlie written that early? I think it was a bit later.

Probably not everyone knows that "Cordwainer Smith" was Linebarger's pen name. Or that FIAWOL means "Fandom is a Way of Life." There are many codes in fanspeak.

 


Jerry,

As for Plextor drives, they are a dream. I had numerous problems last year with conflicts between an IDE CD-RW and a series of IDE CD-ROM readers. I must have gone through four or five different CD-ROM manufacturers' efforts (IDE and SCSI both). Eventually, I decided to try a Plextor SCSI CD-ROM (the UltraPlex line). It was almost literally an "out-of-the-box and run" installation. What's more, the Plextor has, according to my rough tests and calculations, met their product specs for speed and throughput, which is almost an unknown in today's world of inflated claims. A delight in every way to own and use.

I might also like to note that despite all the hoo-hah about SCSI installations, I can say with complete confidence that I've had an almost 99% success rate in SCSI installations, but then that may be due to the excellent Adaptec SCSI card I have. I cannot make the same claims about the various USB devices I've tested (and rejected in many cases).

I look forward to hearing more about "Mohican" in the future. I'm about six to ten months away from my next build of a desktop, so your thoughts and experiences are always welcome to read!

John Palmer

Indeed. I use Adaptec SCSI, and have few problems. Hitachi DVD-RAM both IDE and SCSI also work well. My Plextor is one of those things it's hard to review: it just works.


From: Stephen M. St. Onge saintonge@hotmail.com

Subject: Book News

Dear Dr. Pournelle:

On van der Lubbe, I got the reference to the Reichstag and him, but thought Fat Freddy was a sarcastic nickname for Goering. Oh, well.

Anyway, the real reason I wrote: Double Lives: Spies and Writers in the Secret Soviet War of Ideas Against the West by Stephen Koch. Aside from the author's excellent taste in first names, this is one of the most intellectually exciting books I've ever read. I wouldn't have believed the information in this volume, if it hadn't been based on KGB files Koch was shown in the early nineties. For instance, there's evidence that the KGB trained some female agents to seduce and marry Western left-wing writers, as a way of secretly manipulating them!

There's a bit about van der Lubbe in the book, concluding that he did burn the Reichstag, it was his own idea, but Stalin and Hitler probably collaborated in the show trial. Oh yeah, van der Lubbe may not have been as stupid as he appeared at the trial. Instead, he was probably drugged, to keep him from giving away the deceptions.

I reviewed this book on Amazon, gave it five stars (the other two customer reviews are also five stars), and it deserves more. For anyone interested in the "Popular Front" era, this book is vital. I can't rave about it enough. My highest recommendation. Out of print, alas, but lots of libraries have it. My copy is not for sale.

By the way, Worldcat says that When Harlie Was One was published in 1972. According to Amazon, it's out of print.

Best, St. Onge

I have heard every conclusion possible, but when I paid attention to these things I came to the conclusion that van der Lubbe was a half-wit duped by the Gestapo. Manning Coles came to the same conclusion, as have others whose views I respect. Absent new material as say from the Russian archives I don't figure to restudy the matter. Hardly important, and it's a convenient symbol for government being agent provocateur to get more power to "solve the problem". I have no trouble believing van der Lubbe thought it was his own idea.

It is quite possible that van der Lubbe was an unwitting tool of the Nazis, or indeed of the Communists, but I have seen no evidence to establish the more likely culprit. However, from nearly all contemporaneous accounts, including private diaries of those often accused of being principals, it seems that Goebbels, Goering, and Hitler were all genuinely surprised when they learned of the fire. In a gathering of his close confidants, Hitler expressed the hope that the fire was the work of the communists. There would have been little reason for play-acting in that gathering.

Given the date of the fire, 27 February 1933, it is likely that, if the Nazis were responsible, it would have been an SA detachment under the command of Karl Ernst, the SA commander of Berlin. Indeed, by that time, Hitler and the Brown House had nearly lost control of the SA. Ernst Roehm and other SA leaders were demanding that Hitler implement some of the socialist programs he'd promised. Only a few months later, Hitler found it necessary to decapitate the SA to maintain his power. I think it is quite possible that the SA undertook the burning of the Reichstag on their own hook, without the connivance or knowledge of Hitler and the rest of the NSDAP leadership. If the SS were involved, rather than Gestapo, I think it more likely that it would have been a detachment from the Leibstandarte-SS Adolph Hitler (LSSAH), which was at the time, I believe, under the command of Sepp Dietrich.

I doubt we'll ever know what really happened, given that many records were destroyed and those still extant are suspect. I wouldn't even rule out that van der Lubbe was indeed acting on his own. Stranger things have happened.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com

Indeed. So another legend goes away? Ah well. Clearly you have put more time into this than I have. It's not a specialty of mine, but Stephen Johnson, another of Possony's protégés, had extensive data on Nazi-Communist cooperation in the early Hitler days.

It remains the case that from 1848 to the death of Hitler everyone who advocated genocide called himself a socialist. Without exception.


I was asked by Thierry Herbelot why Windows systems were not used in the DDoS attacks. I sort of know, but I decided to ask someone who really knows. Here's the result:

There are a whole host of security vulnerabilities in Windows 9x and NT; however, they are of a different order than those in *NIX boxes.

Specifically, no Windows product by default has an interactive remote login shell. There -is- Windows Terminal Server, which is available as a separate product for NT and is included with Win2K Advanced Server, but because of the way it works - and the fact that hardly anyone is using it, and certainly not on IIS servers - it's not as easy to compromise as a sloppily-administered *NIX box with telnet running. And the various vulnerabilities identified in IIS have more to do with allowing people to see data they oughtn't to see, rather than planting executables into the server machines.

It's possible, mind you, but time-consuming and difficult compared to simply scanning for loosely-configured *NIX boxes. I should think that someone spending the time required to do such a thing would be more the sort of person interested in stealing credit-card numbers, etc., rather than simply hosing yahoo.com.

In order to get a Stacheldracht/Trinoo/TFN2K client onto a Windows box, one would have to somehow trick the user into downloading an executable and installing it. This could be done, for example, via a script on a malicious Web site. The DDoS client could then 'register' itself with some central control point, and then stand by for instructions.

However, this would require a lot of work, and leave a 'paper trail' of some sort behind (Web server has to be set up, someone's paying for the space (even if it's a hijacked site, someone logs into it, ftps files up to it, etc.), connectivity, and so on). People who do this sort of thing, as mentioned above, find it far easier to scan for lackadaisically-administered *NIX boxes which have a built-in remote login facility via telnet, or are running a version of an ftp daemon or somesuch which is vulnerable to a buffer-overflow attack.

The toolkits for performing DDoS attacks which are floating around the Net are all for *NIX. This may in time change, but because of the way the respective OSes are structured, it's my opinion that *NIX will probably remain the most popular platform for the script-kiddies. Someone who found some improperly-configured Windows boxes at an Internet cafe or a public library - i.e., with physical access to them - could manually install his DDoS client, but there are a plethora of risks associated with doing this sort of thing 'by hand', as it were, and I just don't see it happening with any frequency.

Far safer to stay at home and run nmap against various university networks.

Also, most fairly modern *NIX boxes can put out a whole lot more packets-per-second than most Windows boxes of any subgenre. This is an important point, as the entire thrust of the DDoS attack depends upon speed, speed, and speed.

The one thought I've had, which I've until now kept to myself, was that perhaps the events of last week were simply a way of making a demonstration, thereby drawing attention away from something far more sinister/serious.

It's unlikely, but certainly could be an effective tactic, no?

Roland Dobbins 

 

 

 

TOP

 

This week:

Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday

TOP

Wednesday, February 16, 2000

Continuing:

It seems Roland Robbins is ignoring a few facts...

* Windows has known buffer overflow security faults that can be exploited to invade the machine.

* The NetBIOS services can be used to easily invade Windows machines.

* That Windows is highly vulnerable has been demonstrated again and again by virii such as Melissa. Even though these viruses are detected early, the fact remains that a great amount of machines (relative to what is needed for a DDoS attack) remains contaminated. That these viruses have not been written, to date, to stay as dormant servers waiting for instructions to awake and perform the attack is just luck.

* It is not necessary to keep track of which computers have been infected with trojan programs. A simple broadcast on DSL or cable lines has a good chance of awakening a good number of trojans.

Most importantly, Robbins did not say computers running Windows were invulnerable. He only said they weren't likely to be attacked. Your article on Byte says:

"NT and Windows machines won't do as clients."

they do. They weren't used in _this_ attack, as far as we know, and that's a very different thing.

I was going to search for links pertaining to Windows vulnerability, but you already provided one yourself:

http://grc.com/default.htm

-- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org

"If you consider our help impolite, you should see the manager."

Your aphorism is probably accurate. Roland wasn't ignoring something, he was avoiding writing an essay. I had asked for specific comments on a specific incident, not a general purpose discussion of security, however much that may be needed. It isn't necessary to begin quite that way.

In any event, the real debate is on the meaning of "easily". You say things are easy that perhaps are for you, and which I could learn to do; but that's not in the same league of "easiness" as what happened with the DDoS  attacks this week. Those were truly "easy" in the sense that nearly anyone could download some software and have at it. 

To get into Windows for this kind of thing one must either have physical access to the machine, or get an executable into the machine. That latter, as you point out, can be done sometimes with Trojans and virus like programs like Melissa, but how "easily" that is done without leaving traces isn't so clear, at least to me. (Incidentally, not to quibble, but "amount" usually refers to a continuous variable, not a number of discrete machines.) 

As to my own essay, I said "won't do" because that's what I meant. Given the techniques used in the DDoS attacks -- which was the subject under discussion -- Windows machines wouldn't do. Perhaps I can be accused of being unclear here, and I'll make a note of that, but I never in a million years said Windows machines aren't vulnerable to something; just not this.

As to going to www.grc.com and finding out your vulnerabilities, that was the point of the article. If the user community doesn't clean up its own act, then the government will do it for us, and their heavy handed approach will really cause problems. If the FDA can use SWAT teams with machineguns to raid a vitamin supply house accused of making unwarranted claims for one product out of thousands, what might they do to you and me if they think we have a machine used as a relay for an attack on a Big Government Client---

Thanks for your letter. You remind me that when we have to write briefly a lot gets left out.

And Roland replies (at length):

There are lots of vulnerabilities in various flavors of Windows, in IIS, IE, etc. We learn more about them every week, it seems. And, unfortunately, Microsoft aren't as good about up-front testing, nor about issuing fixes, as we'd like.

Having said that, I take issue with your characterization of both Dr. Pournelle's article and my follow-up email message on his personal Web site to the effect that 'It seems Roland Robbins is ignoring a few facts...' (my last name is, in fact, Dobbins). I'm not ignoring them at all. What I'm pointing out is that, given the DDoS tools that we've seen and the classes of DDoS tools that we know are easiest to code, deploy, and operate, it's likely that *NIX will be the preferred platform for this sort of thing for quite some time.

There are exceptions. Back in December, one organization's Windows users received an email message with forged headers stating that it originated from Microsoft, and urging them to install an executable which purported to be an update to Internet Explorer. When those machines were rebooted, they then proceeded to flood the network of a telephone company in Bulgaria with UDP. It took a while to get it straightened out, of course; when everything was said and done, it was revealed that the author of the DDoS tool in question stated in comments in the code that he was doing this as a specific act of revenge against the victimized Bulgarian firm.

Obviously, this chap did some up-front research before coding his trojan. He must've done some port-scanning to determine that there were Windows users at the site in question, and then targeted his attack mechanism accordingly. And it wasn't very elegant - he had no way to marshal all the machines he'd infected in order to turn them all on or off at once, or to re-target them at other sites.

This is different from what happened last week. And there are certainly mechanisms such as firewalls, email-based attachment-scanners, etc. which should've (and hopefully now are) been implemented at the innocent third party's site which would've prevented their site from being used as a launching pad for this sort of thing.

I personally would never directly expose a Windows box to the Internet. Nor would I directly expose an unpatched, unaudited *NIX box to the Internet. I wouldn't even do this last on a private WAN. I don't approve of using IIS on the Internet; it's fine for private nets, but just isn't ready for exposure to unfettered public access. Same for Exchange.

Poorly-administered *NIX boxes, because of their remote interactive shell capability, are far easier to crack than Windows boxes. Well-administered *NIX boxes can be an order of magnitude more secure than Windows boxes; unfortunately, a lot of *NIX sysadmins are lazy/ignorant/incompetent/indifferent, and therefore don't do even the bare minimum in terms of securing their hosts. Sysadmins are often people who have other, 'real' jobs, and so are expected to fit in their administration duties in their copious free time. They're often underpaid and overworked, and therefore simply haven't the incentive nor the time to perform even the most basic security-related maintenance and audits.

A lot of Windows users and administrators are lazy/ignorant/incompetent/indifferent, as well. There are all sorts of resources publicly available which people can peruse in order to ensure that their Windows boxes are secure. I doubt there's anyone who owns a computer in the United States who doesn't have at least a vague notion that there are some bad people out there who wish to do them ill via their Internet-connected computers; in my mind, there is no excuse for not being proactive about such matters.

The *NIX vendors are to blame, here, too. I don't know of a single commercial or open-source *NIX distribution which doesn't install 'broken' out-of-the-box. Far more broken, relatively speaking, than Windows 98 SE2 or Windows NT Workstation SP3 or Windows 2000 Professional (I've yet to install Windows 2000 Advanced Server RTM). Given the tools and services that are by default installed on, say, Red Hat Linux 6.1 - broken wuftpd, broken sendmail, finger/chargen/echo/daytime nonsense, plus gcc and fairly recent libs - Red Hat installed out-of-the-box is a script-kiddie's dream-target. This is true to some degree of Caldera, Corel, SuSE, Slackware, and TurboLinux, as well.

FreeBSD is better about this than Linux - I've often said that Linux isn't an OS, it's more of a kernel, modules, and associated libs, whereas FreeBSD is actually an OS. OpenBSD is better about this than FreeBSD, out of the box. Solaris, SCO, HP-UX, and AIX are all broken out-of-the-box. DG-UX is somewhat better, but one ought to bear in mind that they've a lot of experience with security, having worked with bdm.com to develop a B2-secure version of DG-UX at the behest of NSA.

As for directed broadcasts, if the network infrastructure folks are doing their jobs, those ought to be disabled on the routers. If not, that's another set of problems, entirely. Egress filtering, rate-limits on ICMP, disabling source-routing, and so on can be implemented on a site-by-site basis to ensure that if hosts are compromised on said sites, they can't be used to hose someone else. IPv6 does a lot to lessen the risk of forged source-addresses; there are also several proposals for handling a lot of IPv4 weaknesses currently being circulated. None of this has anything to do with Windows.

In the recent past, one of my clients, a medium-sized hosting ISP, was targeted by crackers. They'd taken most of the normal precautions one takes being in the hosting business; however, one of their users was a bit lax about using an internal password on an external system, and they also weren't completely up-to-date on their Solaris patches. They wound up with about 30 SPARC boxes and about 60 Solaris on Intel boxes getting owned as a result.

We had to rebuild about 90 Solaris machines from scratch. We couldn't trust a single *NIX box on their entire network, and yet we needed a way to be able to download uncompromised Solaris patches, TripWire binaries, etc. from a local repository (so as to facilitate a script-based installation, patching, and security process).

So, do you know what we did? We took a Windows NT Workstation 4.0 box, put a Windows ftpd on it, and set it for read-only access. It didn't matter if our cracker could sniff the file-contents we were downloading; what mattered was that he not be able to somehow break into the local file-repository and pollute the patches and TripWire binaries with his own, trojanned versions. Since NT doesn't have a remote interactive shell, we didn't have to worry about that. It was the quickest and easiest way to get the job done, and it worked very well, indeed.

Interestingly enough, their NT Server 4.0 boxes, their Exchange box, etc., came through the incident unperturbed. The cracker had installed sniffers on various Solaris boxes and had a week in which to try his hand at the NT machines - and yet, they weren't compromised.

Having said all this, I see nothing in either Dr. Pournelle's article on byte.com, my security memo on byte.com, nor in my further comments on Dr. Pournelle's Web site which ought to give rise to the objections you've posited. Besides the fact that you can't seem to bother to get my name right, you are using straw-man arguments which have no bearing on the context of the original remarks which seemed to spark your (to me, inexplicable) complaints.

What I sense here is in fact an attempt to vent blind anti-Microsoft prejudice by nitpicking, taking remarks out of context, etc. It is very disappointing to me - someone who's been using various flavors of *NIX for 20 years, who runs Linux on his desktop machine and dual-boots Windows 2000 and Linux on his notebook while building and securing boxes running most any flavor of *NIX you can name as part of his job, and who is himself an open-source advocate - to come across yet another example of seemingly thoughtless demagoguery from someone apparently associated with an important open-source project, in this instance FreeBSD.

Do you really expect to make converts to your cause by resorting to disingenuous sophistry, rather than nuanced persuasion?

I will personally stake $100 on the proposition that not a single Windows box was used in last week's spate of DDoS attacks against yahoo.com, cnn.com, ebay.com, buy.com, datekonline.com, and zdnn.com.

Care to match me?

I do know for a fact that at least one Red Hat Linux 6.0 box -was- used in those attacks, along with Solaris boxes, and God knows what else.

How much do you care to wager that a FreeBSD box wasn't used, as well?

I await your reply with great anticipation.

Roland Dobbins 

<rdobbins@dsw.net>
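The site-by-site controls Roland lists (egress filtering, dropping directed broadcasts and source-routed packets, rate-limiting ICMP) as an added Python model of a border filter; this is not code from the letter or from any router vendor, and the subnets and packets are constructed from RFC 5737 documentation ranges.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    direction: str          # "out" = leaving the site, "in" = arriving from the Internet
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    source_routed: bool = False
    ts: float = 0.0         # arrival time in seconds, used only for the ICMP limit


class EdgeFilter:
    """Hypothetical model of the border-router controls the letter lists:
    egress (anti-spoof) filter, directed-broadcast drop, source-route drop
    and a per-second ICMP rate limit. Not a real router's rule syntax."""

    def __init__(self, site_subnets, icmp_per_second=5):
        self.subnets = [ipaddress.ip_network(s) for s in site_subnets]
        self.icmp_per_second = icmp_per_second
        self._icmp_forwarded = defaultdict(int)  # whole second -> ICMP packets let through

    def _is_site_address(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.subnets)

    def _is_site_broadcast(self, addr):
        # A subnet broadcast address is what a directed-broadcast (smurf-style)
        # amplifier probe is aimed at; dropping it keeps the site from amplifying.
        ip = ipaddress.ip_address(addr)
        return any(ip == net.broadcast_address for net in self.subnets)

    def verdict(self, pkt):
        if pkt.source_routed:
            return "drop: source-routed"
        if pkt.direction == "out" and not self._is_site_address(pkt.src):
            # Egress filter: a compromised host here cannot forge another site's address.
            return "drop: spoofed source"
        if self._is_site_broadcast(pkt.dst):
            return "drop: directed broadcast"
        if pkt.proto == "icmp":
            second = int(pkt.ts)
            if self._icmp_forwarded[second] >= self.icmp_per_second:
                return "drop: icmp rate limit"
            self._icmp_forwarded[second] += 1
        return "forward"

    def run(self, packets):
        return [self.verdict(p) for p in packets]


# Constructed sample: RFC 5737 documentation ranges stand in for a site's prefixes.
SITE_SUBNETS = ["203.0.113.0/24", "198.51.100.0/25"]

SAMPLE_PACKETS = [
    Packet("out", "203.0.113.10", "192.0.2.5", "tcp"),                     # normal outbound
    Packet("out", "10.9.8.7", "192.0.2.5", "udp"),                         # forged source
    Packet("in", "192.0.2.99", "203.0.113.255", "icmp"),                   # broadcast of the /24
    Packet("in", "192.0.2.99", "198.51.100.127", "icmp"),                  # broadcast of the /25
    Packet("out", "203.0.113.10", "192.0.2.5", "tcp", source_routed=True),
] + [
    # eight ICMP packets inside one second; only the first five may pass
    Packet("out", "203.0.113.11", "192.0.2.6", "icmp", ts=1.0 + i * 0.01)
    for i in range(8)
]


def summarize(verdicts):
    """Count verdicts so an operator can see what the edge is stopping."""
    counts = defaultdict(int)
    for v in verdicts:
        counts[v] += 1
    return dict(counts)


if __name__ == "__main__":
    results = EdgeFilter(SITE_SUBNETS, icmp_per_second=5).run(SAMPLE_PACKETS)
    for pkt, res in zip(SAMPLE_PACKETS, results):
        print(f"{pkt.direction:3} {pkt.src:>15} -> {pkt.dst:<15} {pkt.proto:4} {res}")
    print(summarize(results))
```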

And then comes:

Jerry,

I agree with most of what Roland says about this subject, but I think he's wrong about the future. With lots and lots of computers going on-line 24x7 (cable or DSL) the vast majority of them are going to be Windows. With this many machines, I can't see the crackers essentially ignoring such a huge potential target. There are just too many of them to not try and hack.

And once hacked, the user of a Windows box is even less clueful than most Unix users/admins. Combine this with the fact that it's very very easy to hide processes and tasks in Windows, and I can guarantee you that trojans and viruses that allow this type of thing are going to be very common on Windows boxes in the near future.

To support this conclusion, I've got a couple of things for you to think about. I'm sure you've heard stories of people hooking up to a cable modem service, opening up their Network Neighborhood, and finding all their neighbors' machines readily read-writable via Windows shares. I personally have never seen this (I'm on a cable modem), but I don't doubt that it's true. Basically, people set up Networking on their Windows boxes, and they just don't configure passwords.

This is a wide open door into hundreds if not 1000's of machines, at known IP address ranges (@Home, RoadRunner, etc), usually online 24x7, with good connections to the net. It can be easily scanned for by connecting to port 139, using source from the Samba tools and extracting the code from there to try and do an anonymous connect to the box. It's almost as easy as scanning a university network, but the admins are less clued in, and the security is probably much looser.

Second, look at all the viruses that exist in the Windows world. Most of the time, the only way you find out they are there is that they do something. What if, instead of popping silly windows up on your screen, or deleting files, they just installed themselves, maybe sent a registration msg to a central server to let it know that it's installed, and waited for a master to come and tell them what to do. This would be virtually identical to what these current DDoS slave programs are doing, the only difference being the delivery.

With very little work, I can see a virus being created that is the Windows equivalent of these DDoS slave utils. The source code for the DDoS programs is already available; its only problem is that it's written for Unix, which would probably not be very hard to port to Windows. After that, the only problem is getting them onto people's machines. Well, how about as an email attachment of a make-money-fast email, guaranteed to cross the internet and back in 12 hours or less. Or maybe even a Melissa type email/Word doc, but less obvious about it - if Melissa had been slower operating, and hadn't had the porn site list, it probably would have been days before people even noticed. Or even better, attached to the recent email hoax that's spreading around that actually made the evening news last night: http://cbs.kgan.com/now/story/0,1597,161076-223,00.shtml I've gotten so many of these type of things in just the last few months I want to scream about how GULLIBLE/LAZY people are about not spending 10 seconds checking something out before reacting. And we all know people who blindly click on any attachment without scanning it.

Given how many virus writers are out there, and now that they see the power of these DDoS utils (I'm convinced this recent set of attacks on Yahoo, et al, are just "power trips" by the perps), I don't see how the virus writers could NOT do something like it, especially the good ones.

Expect these to start showing up (if they haven't already) in the next 6 months. I'm tempted to do it just to prove it can be done, which is what I'm sure many virus writers are thinking as well.

The moral of this: while *NIX boxes may be the current platform of choice for crackers for many reasons, as more and more Windows boxes get high speed access, their well known security holes will quickly make them the "slave" box of choice, due to their wide availability, ease of cracking, and unlikelihood of being caught (mainly due to the cluelessness of the users).

The other moral: end-system security is going to be even more and more important. It's critical that companies, including MS, RedHat, Caldera, etc ship OSes that default to HIGH security. Yes, it's often a pain, but as soon as Yahoo can make the liability stick (to the tune of several 100 million dollars) to the owners of the poorly administered machines that helped in the recent attack, they'll be going after the OS companies next time.

Pete Flugstad

Agreed, particularly about the DEFAULTS as SHIPPED.  Let's start a campaign. I will in the next BYTE column. Thanks.

Lots to think about here. Thank you for sending this.

 

 


Jerry-

Whenever I get or build a new system, I set up a Pendaflex file, with a few file-folders inside. In one folder goes all the receipts for everything that goes with that particular system (networking stuff, new video cards, etc.) In another goes all the manuals. In the last, all the CD's and floppies that came with the system. It's a complete overkill, but when I need something I spend less time scratching my head wondering where something is that I need right now. I'll also drop in a CD-R of any patches for the hardware that I may need, should I have to rebuild.

Of course, this all presumes that you have the time to do this when building/upgrading/maintaining a system, and I've never had to care for or feed more than two at once, so your mileage may vary.

-Ryan Greene

Actually, I tend to use a clear plastic "sweater box" as a "project box" into which I put everything relevant: manuals, disks, spare hardware, the cables that came with the motherboard (Iwill cables are the only ones well thought out; everyone else ships cable with motherboards that seem to have been designed by a puzzle expert to force twists and turns nearly impossible to make), small parts, screws, instructions, and all the stuff that accumulates from the motherboard, chip, memory, video, sound card, etc. when you open the boxes.

Alas, this time the Tyan book was over on the table with the Tyan, and when we wanted to use Mohican for something I cleaned off that table with a lot of software recently installed or about to be installed into a "table box" (at least everything is kept together) instead of sorting the relevant parts into the Mohican Project Box. I.e., I violated my own procedures, and paid the price. Eventually I figured out what happened.


Official reply from Microsoft re problems about the IE 5.5 website from a reader:

Subj: Question regarding IE 5.5 and Windows Update 

Hi Jerry, hope all is well. Your question regarding problems IE 5.5 beta testers are having with Windows Update was passed on to me. Sorry for the delay, but I had to do some checking to make sure I understood all the particulars. Here is what I know and have for you to date.

Your reader is correct, beta testers were able to access Windows Update until a couple of weeks ago. At that time Microsoft began a redesign of the site to better accommodate users of all the different flavors of IE, including beta testers. Up until now, all IE related items went into one "catalog" but with the redesign, there will be separate catalogs for IE 5, IE 5.01 and IE 5.5 beta. As a result, Windows Update support for beta testers had to be suspended during the redesign. We expect support for beta users to be restored fairly soon, within the next 3-6 weeks.

If someone needs to regain support sooner they should restore their system to its pre-IE 5.5 state using the backup files they should have made before installing the beta. They can then access Windows Update via IE 5. While on this point, there is an issue with the uninstall of IE 5.5 beta and that will be addressed in the next release. I don't have timing for that. So as I'm sure you are quite familiar with, a good precaution for everyone using beta software is to back up their systems before installing any beta code.

I appreciate how this can be annoying or frustrating for users, but it's beta, that's why we do the testing and why we warn users about the risk they take in using beta software.

And finally to the last point your reader mentioned, you do need to use IE to make use of Windows Update. That doesn't mean folks can't have another browser as their default, they just can't use Windows Update with that browser. They can still access Windows Update, they just have to do so via their Start Menu, click on Windows Update which will then launch IE and take the user to the site.

Let me know if you have any other questions or whether my mail has spawned more questions on your part.

 Waggener Edstrom 

(Emphasis added by me.)


Unfortunately, porting from Unix to Windows is no longer as difficult as it once was. Cygnus has been working for some time on a dll that provides the Unix API in a Windows environment, and the last release is rather bug free. This makes for some interesting possibilities for the script kiddies - since anything in a dll may also be statically linked. I suspect it's only a matter of time.

Tom Genereaux

That or some other way. As my article said, the first thing to do is go to www.grc.com and see if your system is vulnerable, and if it is, do something about it. It is certainly the case that when enough attention is turned to the problem, ways to facilitate compromising Windows systems will be developed and published.

No one I know thinks Windows systems will stay unaffected for long. It's a bit harder to get them to respond to the kind of instructions used in the DDoS attacks (some would say because of the limits of such machines) but it is certainly not impossible; and there will come a time when automated attack systems will be easily found on the web. When that happens, we need to be ready.

And that is the important point here: look to your security, because if you don't someone else will.

 

 

 


Thursday, February 17, 2000

From: Steve Setzer <setzer@backfence.net> Subject: More on security from the "other platform"

Regarding the issues raised by Messrs. Dobbins, Sobral and Flugstad on security, I thought I'd add a couple of notes from the Mac side of the house:

1) On the AirSwitch high speed network I routinely see between 3 and 10 Apple servers (personal file sharing). I don't doubt that someone could find a way to drop a nice little bomb into an insecure Mac as easily as the gentleman described for a Windows box.

So, despite what a few MacFolk like to think, a Mac may not be all that safe, especially because...

2) Apple's next OS rev, Mac OS X, is at heart a...BSD derivative! Right now, by default the current version (Mac OS X Server 1.0) ships with all remote services locked down, but the installation wizard makes it very easy to start up remote services like telnetd and ftpd and barely mentions the security issues.

Mac OS X will vastly increase the number of *NIX boxes run by novices. I sure hope Apple is taking note...

Steve Setzer

Thanks. It's a whole new world out there... And a dangerous one.

Hi Jerry:

Your excellent site has me now promising to send you the subscription fee in less than one month. 

With the discussion regarding the vulnerabilities of windows machines to attack I thought you and your readers would be interested in the following:

In early December I got aDSL service through BellSouth. I configured an old Cyrix 586 120MHz box to act as the internet server connection. My wife, daughter and myself can now all use the internet from our computers simultaneously with (usually) good performance.

The Cyrix is running Win98 first version with all the security patches MS has available. NetBEUI is not bound to the external Ethernet adapter (the one that interfaces with the DSL modem). On this machine I have version three of WinGate Professional running as the sharing/firewall software. The external Ethernet adapter is configured so that no services provided by Wingate are bound to it or allowed to initiate from the "wild" internet.

In addition, as an extra precautionary layer, Blackice defender is running in front of the Wingate software in "paranoid" mode. Here is where it gets interesting:

I checked the setup using Steve Gibson's excellent grc.com Shields Up service and, apparently, my internet machine is fully cloaked and invisible (I am not totally convinced of this).

ATTACKS: There have been over 40 attacks since that time. These are mostly in the way of broadcasts or scans of the known BellSouth aDSL IP addresses looking for vulnerable systems. Everything from back orifice pings, telnet, ftp probes, packet storms of various types (DOS against the BellSouth aDSL?), probes, etc. I can't remember the mind boggling variety that Blackice has been able to ID.

Even more interesting:

Most of these attacks were successfully backtracked by Blackice so I now have an interesting log of the (apparently) originating IP address, computer name and, in some cases, even the MAC addresses. BUT: More than a couple of attacks/probes have occurred where no information was determined by Blackice and an IP address of 0.0.0.0 was the only thing logged as the source of the attack. I don't know, but that looks like it could be a very professional type hacker...?

So, the internet is a very active and hostile place for the undefended computer and looks to be only fairly safe for those taking reasonable precautions (I hope I fall into that class but one can never be too sure).

I look forward to comments from you and your readers.

Have a great day!

Bruce :-) Bruce W. Edwards I.S. Auditor (Still learning a lot!) and Comic/book collectibles dealer www.quasarcomics.com

Thanks. An interesting log indeed...

 

 


Friday,

Just back. Mail tomorrow.

 

 


Saturday, February 19, 2000

The big news is that The Burning City by Larry Niven and Jerry Pournelle is shipping from Amazon. This is our big heroic fantasy (well the characters think they are in a heroic fantasy) about a time 14,000 years ago just after Atlantis sank and the magic is going away. (Well, it's big news to me, anyway...)

Begin with this while I go to breakfast; there's a lot to be put up here, including some more analyses of the DoS attacks.

A new variety of cable modem has come out which uses a semi-fixed IP address. I gather that there is also a new variety of IP address involved in this.

The upshot is that it is not possible to use a Windows 98 proxy server with this new type of cable modem (NT & Linux proxy servers will work though) and, as the modem is always on, any PC connected to it is vulnerable to hacking. Macs and Linux/Unix machines with such cable modems can also be used to fuel DOS attacks. Turning the modem off will cost it its IP address, whereupon it takes 30-120 minutes to get a new one from the ISP's main server in Denver.

You may recall that I built my house back in 1983 with a TV cable running to the study for expected use with a cable modem someday. That day was Tuesday and I discovered, to my horror, that my cable company (Charter Pipeline) would only provide me with this new type of cable modem.

I'm not about to pay $300-$500 for the joy of switching three home PC's from Windows 98 to NT (especially as my twin sons leave for college in September), nor $2000 for full firewall protection which I must have as I maintain confidential court files from work on one PC.

So I've waited a long time for a cable modem but couldn't use it when it finally got here.

Doubtless there are sound commercial reasons for Charter Pipeline to use this variety of cable modem, but its innate security problems make it best suited to serve set-top boxes for Web TV.

I'm sticking with two 56k ISP's which cost me $28 monthly total until prices come down enough on NT machines and firewalls.

Tom Holsinger

tomholsinger@hotmail.com 

I think you have overstated the problem, and my guess is that we'll have answers before I finish breakfast...

Hi Jerry,

What Mr. Holsinger needs is a new product from Linksys www.linksys.com. They now offer a Cable/DSL Router with a built-in 4 port dual speed 10/100 Switch. The EtherFast Model BEFSR41. I got mine the other day for $165 from Outpost.com. He won't need NT for all his machines to access the Internet.

Regards,

Will Bierman wbierman@pacbell.net

Or...

Mr Tom Holsinger has another option besides a $2000 firewall and changing his Win98 boxes to WinNT. Buy an old Pentium, install a Linux or BSD distribution, and use that.

They all provide firewalls, and they all can do Network Address Translation (known in Linux as IP Masquerading), meaning your network will look like a single computer from outside, and you will be able to keep using Windows 98.

For the security minded, I recommend OpenBSD, which has the best track record of any operating system I know of, but can be a tad difficult to configure. Alternatively, some Linux distributions come with extended documentation and graphical installers/configurators, though I eye such things with a certain degree of suspicion. My own preferences remain elsewhere, and I'll be glad to help anyone who wants, or direct them to someone who can.

Also, you can buy pre-installed Linux and BSD boxes, though that would cost more than buying a used Pentium and doing it yourself.

-- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org

"If you consider our help impolite, you should see the manager."

Yes. My Netwinder from Rebel does much the same thing, although Roland seemed to have some problems with setting it up for Niven (who uses AOL among other things).

There are certainly many ways out of the box.

Roland gives me this with the subject of "heh":

http://www.totse.com/DeCSS/ 

I make no comment except that you will find there 'modern American' language, which is to say it would have been considered obscene and blasphemous when I was young, so if that offends you, don't go. On the other hand, I doubt the author had any intent to be either; he was hoping for emphasis, and thought to shock people. At least he knows he's doing that; all too many drop in scatological and physiological and incestual language without even knowing they have done so: they cannot talk or write without doing so. And my fair warning seems to have taken over, since I find the content interesting and the stunt he proposes more so. (And please don't send me sermons on language; having been a soldier and a novelist and journalist it is unlikely you can find anything to say that would shock me. I've seen too much of the real thing to be frightened by words. But bad taste is timeless...)


I found my NoteTab problems to be W 2000 related but a reader reports:

Hi Jerry, I've been reading about your adventures with NoteTab Pro and I thought I would throw in my two cents. I downloaded the 30-day trial version about three weeks ago and have been using it daily as my default text editor. I liked it. The only problem I had with it was that every few days it wouldn't allow me to save, telling me that my trial period was over. This while I could see on the screen that I had so many days left. 

Closing the editor and re-opening it always fixed this problem, but it was irritating. I deleted the trial version, using the "remove" program that came with NoteTab. I ordered, downloaded, and installed the $19.95 version. I associated .txt files with NoteTab both through Windows and with the option in NoteTab to "replace MS Notepad." NoteTab Pro refused to open .txt files with a dbl-click. I've "removed" NoteTab, reinstalled it, and still no luck. I've "removed" it again and then found and deleted references to NoteTab from win.ini. NoteTab support tells me that NoteTab does not put a reference to itself in win.ini and so does not remove one. I've found and deleted references to the TRIAL version from the registry. Their "remove" program doesn't do a clean job.

Anyway, after doing my own cleanup I reinstalled and then reassociated. No go. The program won't open .txt files with a dbl-click. I've given up and asked for my twenty bucks. I'll go back to Programmer's File Editor which doesn't have some of NoteTab's features but at least it works. (Two drawbacks though to PFE: (1) Dbl-clicking on files with spaces in the name will get you the "File doesn't exist. Do you want to create it?" (2) Work on the PFE project has stopped. It's a good program and it's freeware but it's never going to get any better.) Thanks for letting me vent. 

Best to you and your family.

Brian Utter, Research Analyst, MiraCosta College, Oceanside, CA

I have not had similar problems. There is an update to NoteTab Pro coming shortly, and I find NoteTab superior to NotePad. I'll continue to use it. Thanks for your report, but my suspicion is that a story goes with that somehow.


And we got this about Roberta's reading program:

To: "'rjp@readingtlc.com'" <rjp@readingtlc.com>

Subject: The reading program

Date: Fri, 18 Feb 2000 15:44:35 +1100

X-Mailer: Internet Mail Service (5.5.2448.0)

Roberta,

You might remember me, I was the bloke in England who purchased your program for my son about 4 months ago and we had some difficulties with freight and the VAT before ironing it out. I have only recently started getting him into it but I thought you might like to hear some of the results.

He likes the fact that we sit next to each other to use it. He likes learning the meaning of words, and he particularly likes it when I say I don't know what the word is and have to get the dictionary - it reinforces that we all learn things everyday so he is not stupid for having to do this. He now reminds me if I forget to get the dictionary when we sit down - "you'll need this Dad".

I have had difficulty getting the program to run from hard disk but I will sort that out if I pay more attention to it. So we have to log in using the dos screen every time we request a new lesson, but even that is a learning experience and now Ben understands what has to be entered and he does it himself.

When we got to lesson 10, which is a double lesson, Ben worked through the program and eventually got the telegram. He was so happy that he had successfully completed level 10 only a couple of days after starting the program that he ran around the room with his arms in the air as if he had scored the winning goal in the cup final. It was priceless. We rewarded him by taking him the see Bicentennial Man and he was pretty happy about that.

I hope you will forgive me but I made a copy of the program which I gave to his Mum (we're divorced) so now he does the program at both our houses and is about half way through. He enjoys working through it with his Mum as much as he does with me. He has taken the program with him to his cousins place and they (10 and 14) have worked with him to help him improve his reading.

It is notable that he has much more patience with books now; he will sit and look and read for quite some time before he tires of it and goes off for a more active interlude. We have started reading Harry Potter and the Philosopher's Stone together. This book has given him a BIG boost in his motivation to learn to read and hence his application to your program.

So far it's going really well and I'm pleased I made the investment. I guess Ben will have completed the series before Jerry gets around to finishing the Windows version, but at the very least Ben is able to tell all his seven year old friends that he has worked on a DOS program!!!!!!!!!!!!

I think it has been beneficial for Ben and the telegrams really seem to work, even if they appear rather twee at first sight. If it does nothing more than enhance his confidence with reading it will have been beneficial because he appears to be scared to put in the effort to sound out words, and when he does he is able to read a very high proportion of the words in Harry Potter.

Well, that's all for now. Thanks again for producing this program.

David

This is clearly the DOS version of her program. There is also a Mac version. Go see it all at www.readingtlc.com and if you have any need to teach anyone to read you will not regret it. For more information on her program there is a page here.

Sunday, February 20, 2000

I have started a new page for Windows 2000 Mail and debates. I'll put that mail over there.

Jerry,

Thanks to your article on Byte.com about DDoS attack, I visited Steve Gibson's "Shields Up" web page. I'm glad I did.

My home LAN was hanging out the window for all to see. I use CompuServe and am behind whatever they use to protect themselves, which may have helped me, I don't know. But thanks to the instructions in the FAQs on this page I was able to "CLOSE" all holes on all machines except 1. I'm working on it.

This security test is definitely easy to use and I recommend that anyone and everyone do so. Just do it!

Regards, WD Lindberg

Jerry, Thanks for the well written & informative article on Internet security (http://www.byte.com/feature/BYT20000210S0012 ). A visit to Gibson's site opened my eyes! I have modified my system to secure it! Regards, Gohar Yusuf

That's www.grc.com in case you didn't see the article, and yes, we all ought to go look there. Often. While you are over there get his "trouble in paradise" analysis of ZIP Drives. 

And now a tip:

Jerry,

I just read your latest Chaos Manor, and the scenario with your video display getting all messed up. If that ever happens in the future, where the screen blanks, or you can't see all of it, try this: CTRL+ALT+DELETE, then ALT+S

The first item brings up the task list, of course. The second item is the keyboard shortcut for the Shutdown button. So, even if you can't see it, you can still use it. Naturally, this won't help much if the system is locked up, but for misbehaving video displays, it may be your only hope to avoid just hitting the power switch.

Best regards -Don

I think I knew that, but I had forgotten. Thanks!

Mr. Jerry,

Came across your column today while browsing to find some other info -- miss not getting the old hard copy of Byte.

Sorry your experience with On-Track System Utilities didn't work out. I've purchased the last few versions of Mijenix's utilities starting with PowerDesk. If for nothing else, I find their integrated file manager program a huge blessing. It includes integrated ZIP, encrypting, copy path as text, a synchronizer, a great file searcher, a super interface, file viewers, and much more. All together, these are much more than what you get with the basic O/S!

P.S. Do you want to part with your OmniKey/Plus yet? 

Rod Rodgers \m/ Mail@Personal: rrodgers@bcpl.net

My OmniKey Plus Keyboard leaves when you pry it out of my cold dead fingers.

Regarding the DoS article at www.byte.com 

Good article! I don't believe, however, that any personal machine (i.e. a machine that is not supposed to be advertising services) should be connected directly to the net. I've come to the realization that the vast majority of people, even running single nodes, may want to have services running (i.e. a web server) that could lead to a breach of security. In addition, most people, especially novice (or maybe experienced, but not with security) *nix people, don't have the necessary (or time/inclination to develop) knowledge to secure their systems.

I run a 9 node switched 100Mb mixed OS personal network at home with a cable modem and I'm continually getting probed; two or more times a day at this point. I currently run a much customized (very tight firewall rules and portsentry) version of the Linux Router Project on a 486 as a firewall router and it seems to work quite well, but it's taken a good bit of work to get it set up.

The point of all this is that there needs to be a simple, foolproof and CHEAP way to secure a home, SOHO or small business machine/network. Notice >CHEAP<? Yea, LRP and its variants are cheap, but they're sure not plug and play and you need another machine even if it's a junker. The answer may be the new SOHO routers from DLink, Linksys, Netgear and ZyXel, some of which are under $200 street. There are others, but they're either too expensive (over $250 street) or limited by OS or number of users. Actually, I think that the price needs to get down to $100 street or less before most home or SOHO users will be willing to buy. These devices are simple enough (hopefully) for most people to set up when coupled with a GUI admin system and flexible enough for more advanced users.

I'm certainly looking, but not ready to buy. The bottom end units (DLink, Linksys) don't appear to have remote logging and force you to use a certain set of ip numbers (192.168.1.x) and may have other limitations. ZyXel and Netgear (same unit) apparently have limited throughput, although it's fast enough for cable/DSL at this time. It would certainly be nice to see a good review of these units....

Just my two cents worth..

Best

Cokey

Cokey de Percin, DBA, Policy Management Systems Corp., Columbia, South Carolina
Work: cokeydepercin@pmsc.com
Home: fdepercin@sc.rr.com

Linux boxes properly installed can do a peachy job of firewalling... I use one as my Netserver. Doesn't stop spam attacks and mail bombings, of course. As I got today.

And Dr. Mark Huth asks a reasonable question. I'll probably end up doing an article, but comments invited.

Jerry,

Does one of your readers have enough background to explain firewalls and what one should look for in such beasts? What are the pluses and minuses of the different types of firewalls? For example, I run a gnatbox on my home system which is an ICSA certified firewall; the light version is free. I've played with the Linux based fireplug firewall, also free. Both seem secure, but are they? The corporate security consultant we hired for our business insisted on a borderware firewall. You are running the Rebel netwinder, which has firewall capability. I've a copy of blackice, but don't run it behind the gnatbox. I don't have the expertise to judge, but given recent events I'd like to have someone with expertise help me begin to climb the learning curve! Are there any takers?

Mark Huth mhuth@internetcds.com mhuth@mcpc.com

I will try to get to that when I clean up some more here, but meanwhile I suspect we will get quite a few good essays on the subject. I may even open a firewalls discussion page.

And along those lines:

From: Sean Long seanlong@micron.net Subj: BlackICE defender

Jerry,

A followup on the BlackICE Defender alerts... BlackICE Defender in "paranoid" mode will trigger on almost any network activity, including network activity sent from your own machine. 0.0.0.0 as the attacker's id often means that the network activity that triggered the warning came from the computer that BlackICE Defender is installed on. The same goes for 127.0.0.0, the computer's own LAN address, and whatever address your computer happens to get if it is getting a dynamically chosen IP address through the ISP.

For example, if I accidentally send a personal email message through an email host that only accepts messages for a specific mailing list (using Outlook Express), BlackICE Defender will raise an alert of an SMTP scan from my own computer. Since my internet-visible IP address is dynamically assigned by the dialup server, I can't tell BlackICE Defender to ignore traffic from that address.

On the other hand, I have told BlackICE Defender to ignore scans from each of the computers on my home LAN, on the assumption that they're firewalled well enough that they'll never be compromised, so I don't need to monitor their activity with the software. This isn't a good idea in general, but in my specific case it is reasonably safe due to the configuration of my LAN.

On the gripping hand, I'd rather see a few false alerts than have an attack sneak through undetected. BlackICE defender seems to do a very good job blocking portscans or other attacks and raising alerts for questionable network activity.

Sean Long seanlong@micron.net 
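As an added example (not from Sean's letter and not BlackICE code), here is a small Python triage that applies the rule he describes to constructed alert lines: 0.0.0.0, loopback and the machine's own (possibly dynamically assigned) address mean the traffic was self-generated, and alerts from the home LAN are silenced only by explicit choice. The line format, the documentation-range addresses and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample alerts in a made-up "timestamp source attack" format;
# the addresses are documentation ranges, not real hosts.
SAMPLE_ALERTS = """\
2000-02-19T10:01:02 0.0.0.0 SMTP port probe
2000-02-19T10:01:40 127.0.0.1 UDP port probe
2000-02-19T10:02:15 192.168.1.7 TCP port scan
2000-02-19T10:03:09 203.0.113.45 TCP port scan
2000-02-19T10:03:30 198.51.100.23 TCP port scan
2000-02-19T10:04:11 not-an-address TCP port scan
"""

ALERT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.+)$")


def classify_source(src, own_addrs, trusted_lan):
    """Return 'self', 'lan', 'external' or 'unparsed' for an alert source.

    own_addrs: iterable of address strings this machine currently holds,
               including today's dynamically assigned public address.
    trusted_lan: CIDR string for the home LAN the owner may choose to mute.
    'self' covers 0.0.0.0 (the firewall's marker for locally generated
    traffic, as the letter describes), any loopback address and own_addrs.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparsed"  # keep malformed entries visible rather than lose them
    own = {ipaddress.ip_address(a) for a in own_addrs}
    if addr.is_unspecified or addr.is_loopback or addr in own:
        return "self"
    if addr in ipaddress.ip_network(trusted_lan):
        return "lan"
    return "external"


def triage(text, own_addrs, trusted_lan, ignore_lan=False):
    """Parse alert lines; return (timestamp, src, attack, verdict) tuples
    that still deserve a look. Self-generated alerts are dropped; LAN alerts
    are dropped only when ignore_lan is set, matching the letter's caveat
    that muting the LAN is only safe for a known, tightly configured network.
    """
    kept = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        ts, src, attack = m.groups()
        verdict = classify_source(src, own_addrs, trusted_lan)
        if verdict == "self" or (verdict == "lan" and ignore_lan):
            continue
        kept.append((ts, src, attack, verdict))
    return kept


if __name__ == "__main__":
    # 198.51.100.23 stands in for today's dialup-assigned address
    for row in triage(SAMPLE_ALERTS, ["198.51.100.23"], "192.168.1.0/24"):
        print(row)
```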

Thanks

In terms of 'personal firewalls' (essentially IP-stack-hardeners/port-blockers) which may be run on one's own personal Windows machine, I rather like the one from www.signal9.com . It does both input and output filtering, and has a pretty intuitive display which is in itself quite educational for those first dipping their toes into the world of network protocols/services, security, and so on.

It also doesn't seem to offer so many scary false positives as do other, similar products, such as BlackICE.

If you can afford a cheap box to use as a firewall, properly-configured Linux with ipchains works quite well. A word of caution, however; there's quite a lot one has to do to Linux (or any other *NIX, for that matter; they're all pretty much broken out-of-the-box from a security perspective, with the notable exception of OpenBSD) in order to get it secured. Once the OS itself is as secure as one can make it - extraneous services turned off, unnecessary suid bits removed from various executables, and so forth - setting up ipchains and IP masquerading may be accomplished without too much of a hassle. See

http://metalab.unc.edu/mdw/HOWTO/IP-Masquerade-HOWTO.html 

and

http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html 

The Netwinder uses ipchains; the thing which makes it somewhat of a bear to configure, at times, is the fact that they've done a lot of customization of the various startup scripts, etc. in order to make it work with their GUI administration console. The good thing about it is that they've (for the most part) left the ipchains stuff pretty much vanilla, which allows me to bypass the GUI and edit the rulesets by hand in order to achieve the desired effect.

It's reported that AOL 4.0 works from behind ipchains; Niven is at AOL 5.0 (yes, we were able to avoid all the supposed pitfalls of AOL 5.0 quite well, with a little foresight and a careful installation), and so the problem he's having might be AOL 5.0-specific. If necessary, we'll take him back down to 4.0, although he'll soon be getting away from AOL entirely, thank goodness.

Unless one is willing to invest the time and effort required to learn *NIX thoroughly, installing a *NIX box as one's home firewall isn't such a great idea - an improperly-configured one can present a juicy target to a potential cracker, even more so than a Windows box. The Netwinder and similar devices are a step in the right direction; their default rules aren't too bad, and the OS itself isn't as open to abuse as out-of-box *NIX.

The ultimate solution, as with most problems of this sort, is self-education on the part of the user.

As far as commercial products for businesses and other organizations go, I do a lot with the Raptor firewalls from www.axent.com; FireWall-1 from www.checkpoint.com; and the PIX from www.cisco.com. Each has its strengths and weaknesses, and choosing which to use is highly situationally dependent.

Roland Dobbins
