Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: Helmut Springer <delta () FaVeVe Uni-Stuttgart de>
Date: Sun, 9 Feb 2003 22:59:53 +0100
On 09 Feb 2003 at 21:53 +0100, Schmehl, Paul L wrote:
> This analogy is false.
For sure it is not 100% true, as all analogies aren't.
> Your phone calls do not affect my ability to connect to the telephone company, nor do they take down my phone system.
If I'm attacking your line or telco equipment or that of your carrier they will. Limited resources and vulnerable systems, actually this will become more of an issue as media converge.
> Furthermore, while the phone company doesn't decide the topics you can discuss, they most *certainly* control what you can and cannot transmit across their lines.
They do? As long as I stick to the transmission standards (as in "ip" for the internet) I dare to doubt this. A good friend spent some years teaching telco people how to build and run phone networks, so I happen to have little insight here.
> Finally, ISPs are not phone companies. They are companies that contract with customers to provide them with a connection to the Internet.
Right, they sell the ability to send and receive ip packets, as already said. Everything else is an add-on I personally either don't care about or will order (e.g. DoS handling at upstreams or whatever kind of service I as a customer would like to have for my site). They might take emergency measures as temporary exceptions to deal with emergency situations.
>> Internet is the ability to send ip packets from one node to another.
> No, it's not.
Actually it is, the most basic definition.
> It's much more than that. It's the ability to communicate through multiple means and methods. And much more. It is not simply a connection from one node to another. If it *was*, you wouldn't be concerned about blocking ports.
Actually I'm not, you want to do so. I want to be able to send and receive ip packets according to the standards for this, that's it.
> However, when your system affects mine, then I am involved.
Yes, when they do so. As long as they don't they are simply none of your business. So don't tell me what ports I should be able to use on my side, feel free to filter to your needs on your side.
> Just as you can do anything in the privacy of your own home, but some things will get you arrested in public, you can do anything on your own network, but when you get on the Internet you are in public, and the public has a right to demand certain behaviors from you and inflict certain consequences on you if you fail to comply.
That's liability for things done, as everywhere, no problem.
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
Protect your constituency and make sure it doesn't attack others. If you find some spare time, try to understand internet. But don't try to force others to join a limited network you want to be in.
--
MfG/Best regards, helmut springer
"A Feature you cannot disable is considered a bug" comp.os.unix
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html