nanog mailing list archives

Re: Spitballing IoT Security

From: Hugo Slabbert <hugo () slabnet com>
Date: Mon, 24 Oct 2016 15:21:48 -0700

It's possible you might have wanted to read the link for the context thatpointed this out as sarcastic hyperbole, though the text as-is could(unfortunately) have been read as serious.


--
Hugo Slabbert       | email, xmpp/jabber: hugo () slabnet com
pgp key: B178313E   | also on Signal

On Mon 2016-Oct-24 17:17:43 -0500, Mike Hammett <nanog () ics-il net> wrote:

There's a buffer overrun in some software, so let's just remove all passwords (and keys), since they can get in anyway.





Just pointing out flawed logic.




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----

From: "J. Oquendo" <joquendo () e-fensive net>
To: "Steve Mikulasik" <Steve.Mikulasik () civeo com>
Cc: nanog () nanog org
Sent: Monday, October 24, 2016 3:53:25 PM
Subject: Re: Spitballing IoT Security

On Mon, 24 Oct 2016, Steve Mikulasik wrote:

if we automatically blackholed those IPs as they get updated it could put a big dent in the effectiveness of Zeus.


That would involve someone lifting a finger and implement
a config change. Much easier to implement BCP38 or was it
RFC 4732? Would never work the moment someone has to lift
a finger.

/*
I think I'll change my position on BCP38. It's pointless to try
blocking spoofed source addresses because:

* It doesn't solve every single problem
* It means more effort for service providers
* It requires more CPU processing power
* Using it will generate smarter "black hats".

https://www.nanog.org/mailinglist/mailarchives/old_archive/2004-10/msg00132.html

*/


--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463

Attachment: signature.asc
Description: Digital signature

Current thread:

Re: Spitballing IoT Security, (continued)
- - - Re: Spitballing IoT Security Jim Hickstein (Oct 30)
    - Re: Spitballing IoT Security Eliot Lear (Oct 27)
    - RE: Spitballing IoT Security Keith Medcalf (Oct 28)
    - Re: Spitballing IoT Security Alan Buxey (Oct 29)
    - Re: Spitballing IoT Security Chris Boyd (Oct 25)
    - Re: Spitballing IoT Security Eliot Lear (Oct 28)
    - Re: Spitballing IoT Security bzs (Oct 25)
    - RE: Spitballing IoT Security Steve Mikulasik (Oct 24)
    - Re: Spitballing IoT Security J. Oquendo (Oct 24)
    - Re: Spitballing IoT Security Mike Hammett (Oct 24)
    - Re: Spitballing IoT Security Hugo Slabbert (Oct 24)
    - Re: Spitballing IoT Security Mike Hammett (Oct 24)
    - Re: Spitballing IoT Security bzs (Oct 24)
    - Re: Spitballing IoT Security Rich Kulawiec (Oct 26)
    - Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
    - Re: Spitballing IoT Security Mel Beckman (Oct 26)
    - Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
    - Re: Spitballing IoT Security Mel Beckman (Oct 26)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
    - Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)

(Thread continues...)