A while back I commented on Steve Gibson’s posts at his site about the DDoS attacks on his site. Since then I have observed Steve’s efforts to stop the inclusion of raw sockets in Windows XP and the reaction by various forms of the media (as well as Microsoft) to his efforts. Now I don’t know Steve personally and as far as he’s concerned I don’t exist <g> so the following comments are not based on any personal knowledge of Steve or because I feel any partisanship towards him …
With that disclaimer aside <vbg>, what I’ve noticed about most of the responses to Steve’s pleas/campaign seems to be that it’s turning into a “my penis is bigger than yours” (or in this context I guess it is “my brain is bigger than yours” or “my knowledge is wider than yours”) sort of thing rather than an objective discussion of the issues. I have read two articles on the subject on The Register – here and here – and a couple of articles by Rob Rosenberger – the most interesting being here – and all they do is either call Steve Gibson loopy or say that he’s actually some sort of an agent of the Devil and that he’s saying that Linux is bad and MS is good because Steve happens to say that MS’s implementation of sockets was just right for a consumer OS. While they spout facts and say how Windows XP is not going to increase the number of compromised machines on the Net (which is basically true as long as XP’s security is abominably bad <vbg>), none of them really look at the core point that Gibson has tried to make.
Now I am no security expert and I wouldn’t know RFC 822 from an RJ45 jack most of the time but I do believe I have a smidgen of common sense. What Gibson’s basically said in his DoS articles is that while his site was indeed crippled by a DoS attack and the site was offline for quite a long time, he was able to bring the site back up because his ISP was able to filter the traffic to his site because they knew the machines from which the ICMP packet flood was originating. With raw sockets in Windows XP, it would be simple to spoof the packets sent from compromised machines so that filtering becomes impossible. The only article that I saw which even addressed this issue was on The Register and all they basically had to say was “but filtering isn’t the answer to a severe packet attack, as anyone who’s had to deal with one can attest. The real solutions to packeting are capital intensive, like load balancing and content distribution. Unfortunately, they’re quite expensive solutions, and few besides well-heeled commercial entities can afford to put them to use.”
So (while I may be wrong …) what The Register seems to be saying is that while filtering is mostly effective (as Gibson himself proved with his site …) that’s not the *real* (or should that be “accepted”?) solution – you should invest in expensive solutions that only big corporations can afford. That means that you or I who might want to run our own site from home using a broadband connection will be driven off the Net because Rob Rosenberger and The Register and Microsoft wanted to have raw sockets (without which Windows has functioned perfectly well for so long …) in XP just to be completely standards compliant? Doesn’t that seem the least bit umm … uncaring, callous, commercial … and whatever other epithet you can think of (and I can think of some choice ones but they are all four lettered <vbg>) to you?
Why the heck can’t people use their heads a little bit more (as I keep on asking here … pointlessly I guess :p) instead of just thinking along one track or sticking slavishly to standards? Why can’t they think of the common person like you or me instead of just about big corporations? It’s the common guy or gal on the streets who makes a difference in the world – not the big corporations who (mostly) just care about the bottom line! Ah heck … why do I even bother asking these questions? :p