From rob@brasaap.iaehv.nl  Sun Sep 15 22:39:01 1996
From: "Rob J. Nauta" <rob@brasaap.iaehv.nl>
Message-Id: <199609150836.KAA00475@brasaap.iaehv.nl>
Subject: Re: BoS: Re: Phrack vs. RealSecure
To: benc@geocel.com (Ben Camp)
Date: Sun, 15 Sep 1996 10:36:19 +0200 (MET DST)
Cc: best-of-security@suburbia.net
In-Reply-To: <2.2.32.19960914204327.006e72a4@lithium> from "Ben Camp" at Sep 14, 96 03:43:27 pm

> 
> For whatever record there is, I think it's insane to implicate ISS in any
> sort of wrongdoing.
> 
> He did not make ISS (I guess SafeSuite now) what it is by naming it Satan,
> looking for bad press, and throwing his ego all over the place.  He wrote a
> genuinely useful program and people saw the value.

ISS didn't get renamed to Satan. Satan was written by Dan Farmer and
Wietse Venema, and ISS was written by Christopher Klaus. ISS is about
a year older than Satan although Satan tried to catch up by creating
all kinds of hype publicity about itself.

The innovative part of Satan was its user interface. Apart from that
it did a simple scan comparable to ISS 1.0, a portscan, a showmount
here, a YPX attack there, the well-known techniques of 1991.
ISS is more relevant since it has progressed since then. New techniques
and problems have surfaced. They have things like a vulnerability
database, a www site, bulletins on web security etc. And I've heard
about their tools to protect sites from all kinds of things, not just
SYN floods some time ago. They announced a detector against half-open
scans (which uses just SYNs) a long time ago.

So I agree it's not fair to knock ISS; I regard Christopher Klaus and
the ISS team as highly respected security experts, and I know they would
not publish hacker tools or hints on flooding to sell their products.

[...]
> BTW - that SYN flood source has been out and publicly posted for a lot longer
> than Phrack or 2600 has had it.

Indeed, a magazine called FEH had some very good and usable SOCK_RAW
code (the demo program sent a Christmas tree packet) in issue 4,
which would be easily used to build a syn flooder and a spoofer,
and this is more than 6 months old.

Rob

-- 
                               /;    ;\
                           __  \\____//     From the keyboard of
                          /{_\_/  \`'\_/__    Rob J. Nauta
   \;/                    \___   (o\  /o  }     rob@nauta.it
 __//_______________________/          :--'       rjn@pobox.com
/ //########            ####  \_    `__\
 // ######      ####   ####     \___(o'o)
=/    ###     #######    ###       `===='

