nanog mailing list archives
Re: Packet anonymity is the problem?
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 11 Apr 2004 12:22:43 +0200
On 11-apr-04, at 11:51, Yann Berthier wrote:
Ok, then explain to me how removing bugs from the code I run prevents me from being the victim of denial of service attacks.
It's the other way around in fact: if others were to run (more) secure code, there would be far less boxen used as zombies to launch ddos attacks against your infrastructure, to propagate worms, and to be used as spam relays.
You make two assumptions:
1. denial of service requires compromised hosts
2. good code prevents hosts from being compromised
I agree that without zombies launching a significant DoS is much more difficult, but it can still be done. Also, while many hosts run insecure software, the biggest security vulnerability in most systems is the finger resting on the left mouse button.
Also, waiting for others to clean up their act to be safe isn't usually the most fruitful approach.
While it can sound a bit theoretical (to hope that the "others" will run secure code), as the vast majority of users run OSs from one particular (major) vendor, an amelioration of said family of OSs would certainly benefit all. Just think about all the recent network havocs caused by worms propagating on one OS platform ...
I'm not all that interested in plugging individual security holes. (Not saying this isn't important, but to the degree this is solvable things are moving in the right direction.) I'm much more interested in shutting up hosts after they've been compromised. This is something we absolutely, positively need to get a handle on.