nanog mailing list archives

Re: Packet anonymity is the problem?


From: "Steven M. Bellovin" <smb () research att com>
Date: Sun, 11 Apr 2004 19:05:21 -0400


In message <4079C0BB.80509 () ttec com>, Joe Maimon writes:

> Jeff Workman wrote:
>
> > --On Sunday, April 11, 2004 2:45 PM -0400 Joe Maimon
> > <jmaimon () ttec com> wrote:
> >
> > > Therefore the "good" people should beat the bad people to the punch and
> > > write the worm first. Make it render the vulnerable system invulnerable
> > > or if necessary crash it/disable the port etc. so that the "lazy"
> > > administrators fix it quick without losing their hard drive contents or
> > > taking out the neighborhood.
> > >
> > > Such "corrective" behavior as suggested by you might also be implemented
> > > in such a "proactive" worm.
> > >
> > > How many fewer zombies would there be if this was happening?
> >
> > As I understand it, Netsky is supposed to be such a worm. Doesn't seem
> > to make much of a difference, does it?
> >
> > I thought that Nachi/Welchia was supposed to be such a worm as well,
> > and it ended up doing more harm than good.
>
> One could argue that those were implementation issues, probably
> performed by people who did not know what they were doing.


From a perspective of auto-patch, *no* programmers "know what they're 
doing".  The state of the art of software engineering, even for 
well-designed, well-implemented, well-tested systems, is not good 
enough to allow arbitrary "correct" patches to be installed blindly on 
a critical system.  Let me put it like this:  how many ISPs like to 
install the latest versions of IOS or JunOS on all of their routers 
without testing it first?  

From a purely legal perspective, even a well-written, benevolent worm 
is illegal -- the writer is not an "authorized" user of my computer.  
But I'd never authorize someone to patch my system, even an ordinary 
desktop PC, without my consent -- there are times when I can't afford 
to have it unavailable.  (Many U.S. residents are in such a state for 
the next four days, until they get their income tax returns prepared 
and filed.  I don't even like installing virus updates at this time of 
year.)

Auto-patch is a bad idea that just keeps coming back.  Auto-patch by 
people other than the vendor, who've done far less testing, is far 
beyond "bad".


                --Steve Bellovin, http://www.research.att.com/~smb
