nanog mailing list archives

Re: botted hosts

From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 04 Apr 2005 22:01:38 +0200


* Paul Vixie:

hell, as long as we're making a list of the things sender-side network admins
should filter on their end since they're innappropriate for the wide area,


Technically, HTTP is inappropriate for wide-area networks.  A lot of
HTTP applications still do not support persistent connections
(resulting in lots of unnecessary round trip delays).  HTTP does not
perform any checksums, and the TCP checksum alone is insufficient
across the Internet (failures are rare, but when they happen, they are
reproducible across the affected router).  HTTP does not provide
confidentiality.  The frameworks usually used to build HTTP
applications do not offer adequate security, and often encourage risky
programming styles.  Implementation quality is as poor as it can get.
And so on.

DNS is even worse, and thanks to DNSSEC, we will never see fixes for
the most pressing issues.

So "inappropriate" is the wrong word here, "you can filter it and you
can get away with it" is closer to reality IMHO.

senders and sender-isp's have a long list of things they have to do in order
to not be compared to toxic polluters (a term i believe michael rathbun coined
for use in this context, and for which i am thankful.)


But detection and response are more important than prevention.  You
cannot block 80/TCP bidirectionally, so there will always be a malware
problem.  At the moment, 25/TCP &c blocks are sufficient to outrun the
competition, but this will change as such filters become more and more
common.  Blocks might be cheaper at this point, but I hope it's
economically viable to skip this stage (because it's so disruptive and
will only result in more SOAP lookalikes) and invest into the next
one.

Current thread:

Re: so, how would you justify giving users security? [was: Re: botted hosts], (continued)
- - - Re: so, how would you justify giving users security? [was: Re: botted hosts] Gadi Evron (Apr 04)
    - Re: so, how would you justify giving users security? [was: Re: botted hosts] Petri Helenius (Apr 04)
    - Message not available
    - Re: so, how would you justify giving users security? [was: Re: botted hosts] Jay R. Ashworth (Apr 04)
    - Re: so, how would you justify giving users security? [was: Re: botted hosts] John Dupuy (Apr 04)
    - Re: so, how would you justify giving users security? Florian Weimer (Apr 04)
    - Re: so, how would you justify giving users security? Niels Bakker (Apr 05)
    - Re: so, how would you justify giving users security? [was: Re: botted hosts] Stephen J. Wilcox (Apr 04)
    - Re: so, how would you justify giving users security? Florian Weimer (Apr 04)
    - Re: so, how would you justify giving users security? Stephen J. Wilcox (Apr 05)
    - Re: so, how would you justify giving users security? Florian Weimer (Apr 04)
    - Re: botted hosts Florian Weimer (Apr 04)
    - Re: botted hosts Christopher L. Morrow (Apr 04)
    - Re: botted hosts Dean Anderson (Apr 04)
    - Re: botted hosts Valdis . Kletnieks (Apr 04)
    - The power of default configurations Sean Donelan (Apr 06)
    - Re: The power of default configurations JP Velders (Apr 06)
    - Re: The power of default configurations Florian Weimer (Apr 06)
    - Re: The power of default configurations Sean Donelan (Apr 06)
    - Re: The power of default configurations Duane Wessels (Apr 07)
    - Re: The power of default configurations Paul Vixie (Apr 07)
    - Re: The power of default configurations Eric A. Hall (Apr 06)

(Thread continues...)