nanog mailing list archives
Re: Over three million computers 0wned?
From: Sean Donelan <sean () donelan com>
Date: Mon, 30 Jun 2003 03:59:02 -0400 (EDT)
On Sat, 28 Jun 2003, Etaoin Shrdlu wrote:
Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous amount of software out there that makes it EASY to take over machines (and I include every single default install of every single OS that enables anything more than port 22), if it weren't for the stunning array of folk
Heavy sigh. Unfortunately even that isn't good enough for some vendors. Yep, believe it or not, at least one vendor managed to create a buffer overflow in their IP stack which didn't require *ANY* ports to be open on the victim. If it was connected to the network with an active IP interface, that was enough. If you want complete network safety, you want wire cutters. Then you just have to worry about the traditional physical stuff like sneaker net, theft, etc. The unanswered question is what should be considered reasonable? And how much of a burden should the end-user carry?
Current thread:
- Over three million computers 0wned? Sean Donelan (Jun 28)
- Re: Over three million computers 0wned? Rob Thomas (Jun 28)
- RE: Over three million computers 0wned? Marc (Jun 28)
- Re: Over three million computers 0wned? Etaoin Shrdlu (Jun 28)
- Re: Over three million computers 0wned? Valdis . Kletnieks (Jun 28)
- Re: Over three million computers 0wned? Sean Donelan (Jun 30)
- Re: Over three million computers 0wned? Adi Linden (Jun 30)
- <Possible follow-ups>
- Re: Over three million computers 0wned? Jamie Reid (Jun 28)