Re: Hackers Out of Business?

Michael Neuman (mcn@c3serve.c3.lanl.gov)
Mon, 10 Oct 1994 19:24:40 -0600

> From bugtraq-owner@fc.net Mon Oct 10 18:20:04 1994
> Curious to note tho, is that their system was down after that message was
> posted for most of the time.  At least from people I've talked with, they said
> they couldn't ping it, nor connect to it, much less try to attack it.

  I've pinged it at least once a day for the past 2 weeks, and it
  hasn't been up once..

> o  Active defense mechanism - captures intruders: Sidewinder
> has been designed to actively respond to any type of outside
> attack by a hacker or malicious code. Sidewinder will react to
> an attack by allowing a system administrator to choose from a
> range of sophisticated countermeasure strategies: Terminate the
> attacker; Give misleading information; Strike back by
> identifying the attacker for future prosecution.

  I'd *REALLY* like to know what it does to 'identify' the attacker. A
  finger and identd call? And who in their right MIND would accept
  finger or ident returns as prosecutable evidence?

  Doesn't tcp wrappers provide all of this? Wouldn't a good proxy
  provide all of this too? 

> o  Content-based message filtering: Sidewinder goes beyond
> traditional firewalls by incorporating content-based message
> filtering. Traditional firewalls filter messages based upon the
> routing address of the message, which can easily be defeated.

  Wow, I bet that's slow...

> o  Easy access to Internet services: Sidewinder provides users
> with easy, user-friendly, point-and-click menus to access basic
> Internet services.

  Oh great... When the next Mosaic comes out, everyone will have to wait
  for Sidewinder to sell their easy, user-friendly, point-and-click
  replacement. Sounds like a great way to make money off of free
  software.
 
> o  One-time sniffless passwords: Sidewinder provides stringent
> user authentication with the LOCKout(tm) security software.
> LOCKout is a highly secure challenge-response identification and
> authentication system that replaces traditional passwords.

  S/Key!

> o  Defense in depth: With traditional firewalls, once security
> has been compromised, the entire network is exposed to the
> intruder. With Sidewinder and its patented Type Enforcement
> mechanism, any break-in is limited to the specific assault, and
> the intruder cannot migrate through the rest of the information
> infrastructure.

  Huh? If an attacker breaks into one machine, he cannot telnet or ftp
  to another? I assume it does this by content-based filtering. So, what
  happens if I send email to a friend saying, "Try: ftp ftp.greatcircle.com",
  will it "terminate me"?
 
> Secure Computing also provides a Security Alert Service to any
> organization that installs Sidewinder. With this Service,
> organizations are kept informed about current hacker techniques
> and attack scripts, as well as other potential risks.

  "Sidewinder Installation Step 5: Send email to advisories-request@cert.org"

> "Secure Computing has leveraged heavily off of its patented Type
> Enforcement technology, which is currently being used to protect
> U.S. Government classified networks," said Kevin Sorensen,
> Director of Marketing for Secure Computing. "These sophisticated
> security mechanisms have been repackaged into the commercial
> Sidewinder product."

  Protect classified networks from what? No government organization
  would EVER approve classified networks connected to the Internet.

  This all sounds like hyped up free software to me. Anyone disagree?

-Mike