RE: SQL Slammer - lessons learned

["Steve Wray" <steve.wray () paradise net nz>]

ok so how about some sort of 'driving test'
for internet access?

Proposed Scenario;
ISPs will give you unfiltered internet access if you can
pass a basic test demonstrating your ability to stop your
machine from being used to mess up internet access for others.
(Ok so MS engineers would probably *fail* as would Bill Gates...)

If you can't pass or don't want to sit the test, you
get internet access filtered to stop you from ignorantly
harming others.

Almost like a driving test; if you can't pass it or don't
want to sit it you get to ride a *mo-ped* so you aren't a danger
to others
;)

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Helmut Springer
> Sent: Monday, 10 February 2003 11:00 a.m.
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] SQL Slammer - lessons learned
>
>
> On 09 Feb 2003 at 21:53 +0100, Schmehl, Paul L wrote:
> > This analogy is false.
>
> For sure it is not 100% true, as all analogies aren't.
>
>
> > Your phone calls do not affect my ability to connect to the
> > telephone company, nor to do they take down my phone system.
>
> If I'm attacking your line or telco equipment or that of you carrier
> they will.  Limited resources and vulnerable systems, actually this
> will become more of an issue as medias converge.
>
>
> > Furthermore, while the phone company doesn't decide the topics you
> > can discuss, they most *certainly* control what you can and cannot
> > transmit across their lines.
>
> They do?  As long as I stick to the transmission standards (as in
> "ip" for the internet) I dare to doubt this.  A good friend spent
> some years teaching telco people how to build and run phone
> networks, so I happen to have little insight here.
>
>
> > Finally, ISPs are not phone companies.  They are companies that
> > contract with customers to provide them with a connection to the
> > Internet.
>
> Right, they sell the ability to send and receive ip packets, as
> already said.  Everything else is add on I personally either don't
> care or will order (e.g. DoS handling at upstreams or whatever kind
> of service I as a customer would like to have for my site).  They
> might take emergency measures as temporary exceptions to deal with
> emergency situations.
>
>
> > > Internet is the ability to send ip packets from one node to
> > > another.
> >
> > No, it's not.
>
> Actually it is, the most basic definition.
>
>
> > It's much more than that.  It's the ability to communicate through
> > multiple means and methods.  And much more.  It is not simply a
> > connection from one node to another.  If it *was*, you wouldn't be
> > concerned about blocking ports.
>
> Actually I'm not, you want to do so.  I want to be able to send and
> receive ip packets according to the standards for this, that's it.
>
>
> > However, when your system affects mine, then I am involved.
>
> Yes, when they do so.  As long as they don't they are simply none of
> your business.  So don't tell me what ports I should be able to use
> on my side, feel free to filter to your needs on your side.
>
>
> > Just as you can do anything in the privacy of your own home, but
> > some things will get you arrested in public, you can do anything
> > on your own network, but when you get on the Internet you are in
> > public, and the public has a right to demand certain behaviors
> > from you and inflict certain consequences on you if you fail to
> > comply.
>
> That's liability for things done, as everywhere, no problem.
>
>
> > Paul Schmehl (pauls () utdallas edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
>
> Protect your constituency and make sure it doesn't attack others.
> If you find some spare time, try to understand internet.  But don't
> try to force others to join a limited network you want to be in.
>
> -- 
> MfG/Best regards,                   "A Feature you cannot disable is
> helmut springer                      considered a bug"  comp.os.unix
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html