nanog mailing list archives
Re: Santa Fe city government computers knocked out by worm
From: Sean Donelan <sean () donelan com>
Date: Sun, 16 Nov 2003 17:12:19 -0500 (EST)
On Sun, 16 Nov 2003, Jamie Reid wrote:
There was a comment (maybe even mine) in a previous thread about accepting a base level of potentially compromised hosts on a network, as the costs of rooting out every last one become unwieldy. Networks are large enough that security must be viewed as an economy of controls and risks instead of as a binary state of secure or compromised.
If your policy is not to root out every last one, then you need to beef up your network so a single compromised host doesn't bring down the whole network. The Internet is evidence that a network can continue to operate even with a very large number of compromised machines on a daily basis. On the other hand, if a single user downloading a music file on your network can take your entire network off the air for several days, you may have a problem.

I've often tried to explain that ISPs generally view worms as a "capacity planning" issue. Worms change the "eco-system" of the Internet and ISPs have to adapt. But ISPs generally can't "fix" the end-users or their computers.

System admins were able to completely eradicate the Morris worm. But most modern worms like Nimda, Code Red I/II, Slammer stick around. Sometimes a new worm like Nachi supplants an older worm like Blaster. Even if the ISP tries to be the great network firewall, we have mobile computers with mobile code. Laptops are too common, connecting to multiple networks.