Security Incidents mailing list archives

Re: Flash Worms


From: Vern Paxson <vern () ee lbl gov>
Date: Wed, 22 Aug 2001 00:31:17 PDT

> On large sites, sometimes with several accesses to the Internet, you're
> probably right. But (correct me if I'm wrong) such large and complex sites
> are not the most common case nowadays, are they?

I really don't know, and it would be highly interesting to have better
insight into this.  Do the bulk of machines come from (a whole lot of) small,
administratively homogeneous sites, for which it's reasonable to think that
they should be able to get a handle on their site security policies?  Or from
ISPs?  Or from large sites like .edu's?

I suspect the scaling works against security whichever way it goes.  If it's
large sites, it's the problem I've been arguing, that it's fairly intractable
to actually get a handle on *and continue to maintain* some sort of coherent
policy.  If it's small sites, even though in principle the administration is
tractable, there will be enough of them that a significant fraction will
not, for whatever reason, manage to have any sort of solid/coherent policy.

                Vern
