nanog mailing list archives
The Trailing Edge (was Re: FW: The worst abuse e-mail ever, sverige.net
From: Valdis.Kletnieks () vt edu
Date: Wed, 22 Sep 2004 13:30:01 -0400
On Wed, 22 Sep 2004 12:52:54 EDT, Jon Lewis said:
Older versions of SA, especially with custom DNSBL rules, may have had this issue (applying DUL type DNSBL rules to IPs in every Received: header:) but thats been fixed for some time.
In many cases, "fixed" != "deployed", unfortunately. And that adoption curve has got a LONG tail at the far end going to infinity, because some sites will never upgrade. Has anybody done a comparison for different instances of this same problem (for instance, rate of fixing of 69/8 filters, open SMTP relays, installing a Microsoft 'critical' software fix, patching bind/ssh/apache/whatever after a vulnerability is found), to see if the underlying curve has similar characteristics? I'm familiar with Eric Rescorla's "Security Holes - Who cares?" paper (http://www.rtfm.com/Upgrade-usenix.pdf) and Beattie, Arnold, Cowan, Wagle, and Wright's "Timing the Application of Security Patches for Optimal Uptime" from LISA XVI - any other cites, especially for those that succeed in mathematically modelling it in the real world well enough to make predictions from?
Attachment:
_bin
Description:
Current thread:
- Re: FW: The worst abuse e-mail ever, sverige.net, (continued)
- Re: FW: The worst abuse e-mail ever, sverige.net Peter Corlett (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Steven Champeon (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Etaoin Shrdlu (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Robert E . Seastrom (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Alexander Koch (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Suresh Ramasubramanian (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Robert E . Seastrom (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Edward B. Dreger (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Valdis . Kletnieks (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Jon Lewis (Sep 22)
- The Trailing Edge (was Re: FW: The worst abuse e-mail ever, sverige.net Valdis . Kletnieks (Sep 22)
- Re: The Trailing Edge (was Re: FW: The worst abuse e-mail ever, sverige.net Jon Lewis (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Susan Harris (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net John Curran (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Randy Bush (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net John Curran (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Randy Bush (Sep 22)
- Re: The worst abuse e-mail ever, sverige.net Patrick W Gilmore (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Robert E . Seastrom (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Lars-Johan Liman (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Paul Wouters (Sep 22)