Security Incidents mailing list archives

Re: SMTP server (How can I find out the real source of an attack


From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Tue, 17 Jul 2001 11:34:41 +1200

"Pavel Kankovsky" <peak () argo troja mff cuni cz> wrote:

> I see a trend: Yesterday, the Internet was a happy place free of DoS
> attacks. Today, we suffer from a relatively small number of intentional
> DoS attacks. Tomorrow, the whole Internet will collapse under a massive
> wave of accidental DoS attacks caused by braindead software written and
> configured by ignorant people. :P

And this is largely because of current "accepted good practice"...

How often in this and related lists (and in the RFCs, etc.) do you see
advice such as "be generous in what you accept..."?  Because many
implementors are so "generous" (but in differently incompatible ways)
it is easy for a bad/lazy/stupid implementor to build and test an
implementation that works well in all (the limited) ways s/he
conceives to test against the limited other implementations chosen
for those tests.

The result is an ever-increasing amount of crappy, non-standards
compliant code being put into production.

And, as Pavel notes, when you then deliver this to people who have no
idea of what the standard is or how to "properly" configure their
system anyway, things start swirling more and more rapidly down the
drain.


The really sad thing is, many developers' "solution" to the fact that 
yet another non-standards compliant implementation has been foisted 
on the market by a competitor is to rush out and "break" their own 
product so it inter-operates with the rubbish...



Regards,

Nick FitzGerald

