nanog mailing list archives
Re: The Internet's Immune System
From: "Christopher X. Candreva" <chris () westnet com>
Date: Wed, 12 Nov 2003 13:36:51 -0500 (EST)
On Wed, 12 Nov 2003, David A. Ulevitch wrote:
Automated techniques are the only thing that will stop it but is your idea "fast enough?" I don't think so. Relying on user reports is good for compromises and spambots but it won't do anything to stop CodeRed or Nimda.
True -- but I did say that this was a:
mechanism for various firewalls, intrusion detection systems, etc to talk to each other to solve problems as quickly as possible.
I don't think anything comes close to that today.
No, nothing does. This is a start. The example I gave of a command line tool was just that. The idea is a framework that people and tools can use to exchange information. I think the protocol itself -- the underlying system -- is what will be important. The command line program would be the second part of "Rough consensus and working code". As with DNS and web servers, I expect there would be many implementations, from inclusion in firewall programs to CPAN modules.

==========================================================
Chris Candreva -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/