[BBLISA] Question about Network analysis tools

miah jjohnson at sunrise-linux.com
Thu Jan 8 15:30:20 EST 2004 

The thing that annoyed me most about Mr. Gibson was the 'Windows XP has the raw sockets' crap that he was going on and on about.  OH NO SOMEBODY CAN CREATE SPOOFED PACKETS.  If our routers were setup correctly and did egress filtering this wouldn't be much of an issue.  Not that you couldn't do as you pleased before XP, and have been able to do for years on any UNIX system.  Other than that, I've been able to ignore him for a while, and hadn't heard anything about him until that first post about using Shields Up.

As for websites that require email addresses... mail.yahoo.com is your friend =)

But seriously, if you really need to port scan your box from outside your network, login to a remote shell.  I'm sure many of you have shell accounts on unix boxes where you can run nmap without worry.  So why trust some third party that could give you incorrect information, when you can get better and more acurate information by doing it yourself.

-miah

On Thu, Jan 08, 2004 at 03:06:42PM -0500, Douglas Alan wrote:
> Eric Smith <eric.smith at ascentialsoftware.com> wrote:
> 
> >      I wondered about that statement too.  So I did a little web
> > searching.  The first site I found about grc & Shields Up! was this
> > one:
> > 
> > http://www.grcsucks.com/
> > 
> >      which led me to this one:
> > 
> > http://blog.netwarriors.org/d/musings/misc/2002/10/30/shieldsup_analyzed
> > 
> >      It looks like this person used a packet sniffer to see what
> > exactly Shields Up! does.  And it also comments on the language used
> > on grc.com, which I would agree is really inappropriate (to much
> > self-importance and hype.)  I didn't realize that Shields Up! did as
> > little as it did. Almost not worth using.
> 
> I think that all of this is nothing but a lot of sound and fury.
> Apparently the Shields Up! guy annoys a lot of people with his excessive
> verbiage and self-aggrandizement.  So, what?  I have the ability to
> ignore all this and use his web-site as the simple port-scanner that it
> is.  I put no more weight into what it tells me than I should from the
> results of a simple port-scanner.
> 
> Does HackerWacker do more exhaustive tests?  I do not know -- their
> website requires you to give them your email address, and I hate doing
> that in this day and age.  (Though I suppose I could easily give them a
> for-spam-only one, I typically hit "back" on the browser as soon as I
> see any nuisance requirement to register.)
> 
> |>oug
> 
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa

More information about the bblisa mailing list