nanog mailing list archives
Re: botted hosts
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 04 Apr 2005 22:01:38 +0200
* Paul Vixie:
hell, as long as we're making a list of the things sender-side network admins should filter on their end since they're inappropriate for the wide area,
Technically, HTTP is inappropriate for wide-area networks. A lot of HTTP applications still do not support persistent connections (resulting in lots of unnecessary round trip delays). HTTP does not perform any checksums, and the TCP checksum alone is insufficient across the Internet (failures are rare, but when they happen, they are reproducible across the affected router). HTTP does not provide confidentiality. The frameworks usually used to build HTTP applications do not offer adequate security, and often encourage risky programming styles. Implementation quality is as poor as it can get. And so on. DNS is even worse, and thanks to DNSSEC, we will never see fixes for the most pressing issues. So "inappropriate" is the wrong word here, "you can filter it and you can get away with it" is closer to reality IMHO.
senders and sender-isp's have a long list of things they have to do in order to not be compared to toxic polluters (a term i believe michael rathbun coined for use in this context, and for which i am thankful.)
But detection and response are more important than prevention. You cannot block 80/TCP bidirectionally, so there will always be a malware problem. At the moment, 25/TCP &c blocks are sufficient to outrun the competition, but this will change as such filters become more and more common. Blocks might be cheaper at this point, but I hope it's economically viable to skip this stage (because it's so disruptive and will only result in more SOAP lookalikes) and invest into the next one.