nanog mailing list archives

Re: Worms versus Bots


From: Valdis.Kletnieks () vt edu
Date: Thu, 06 May 2004 11:08:42 -0400

On Thu, 06 May 2004 11:45:23 +0200, Iljitsch van Beijnum said:
> I object to the idea that requiring a software firewall inside a host 
> is a reasonable thing to do. Why on earth would I want to run an 
> insecure service and then have a filter to keep it from being used?

You object to it, I object to it... but the fact remains that 95% of the
user-accessible CPUs (not counting the embedded market) are running software
that you have to do unreasonable things in order to make it anywhere near safe
to use....

> Either I really want to run the service, and then the firewall gets in 
> the way, or I don't need the service to be reachable, so I shouldn't 
> run it. System services should only be available over the loopback 
> address. Now obviously this is way too simple for some OS builders, but 
> we shouldn't accept their ugly hacks as best current practice.

"Best Current Practice" is *so* divergent from "Currently Deployed Practice"
that there's little or no common ground.

