nanog mailing list archives
Re: misunderstanding scale (was: Ipv4 end, its fake.)
From: Nick Hilliard <nick () foobar org>
Date: Sun, 23 Mar 2014 20:23:06 +0000
On 23/03/2014 18:39, Mark Andrews wrote:
As for printers directly reachable from anywhere, why not.
because in practice it's an astonishingly stupid idea. Here's why: chargen / other small services ssh www buffer overflows open smtp relays weak, default or non existent passwords information leakage from non-protected services and so forth. Nothing wrong with global reachability, don't get me wrong - and if I thought for a pico-second that printers or any other connectible device took even the most basic steps at handling security fundamentals, I might even be ok about the idea. But they don't: printer drivers and interface firmware are written by people whose only ability is relaying eps and pcl files from one socket to another and pumping their code full of rage-inducing bloatware, the only purpose of which is to serve the blind whims of idiotic product managers who derive a sadistic satisfaction from ensuring that their products interfere as much as humanly possible with the process of committing ink and toner to paper. Security management doesn't even get a look in. 12 months after market debut, printer firmware updates cease forever for that particular model, and the inevitable result is a line-rate bot spewing obnoxious crap until the day that the device is thrown on to the scrap heap that it deserved when it was first unpacked. Exactly the same principal applies to pretty much any consumer device, although I admit that printers are worse offenders than most. We can all agree that what's needed here is full consumer choice and the ability to address things globally, should one desire to do so. In practice, default deny is more sensible approach to handling the reality of connecting devices to a public network. Nick
Current thread:
- Re: misunderstanding scale, (continued)
- Re: misunderstanding scale Chip Marshall (Mar 27)
- Re: misunderstanding scale Barry Shein (Mar 27)
- Re: misunderstanding scale, SMTP edition John Levine (Mar 26)
- Re: misunderstanding scale, SMTP edition Jack Bates (Mar 26)
- Re: misunderstanding scale, SMTP edition Lamar Owen (Mar 26)
- Re: misunderstanding scale, SMTP edition Tony Finch (Mar 26)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Saku Ytti (Mar 23)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Tinka (Mar 23)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Andrews (Mar 23)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Tinka (Mar 23)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Nick Hilliard (Mar 23)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Andrews (Mar 23)
- Re: misunderstanding scale Nick Hilliard (Mar 23)
- Re: misunderstanding scale bmanning (Mar 23)
- Re: misunderstanding scale Mark Andrews (Mar 23)
- Re: misunderstanding scale Matt Palmer (Mar 23)
- RE: misunderstanding scale Ray (Mar 23)
- Re: misunderstanding scale Mark Tinka (Mar 23)
- Re: misunderstanding scale Nick Hilliard (Mar 24)
- Re: misunderstanding scale Mark Tinka (Mar 24)
- Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Tinka (Mar 23)