nanog mailing list archives
Re: Broadband routers and botnets - being proactive
From: Sean Donelan <sean () donelan com>
Date: Sun, 13 May 2007 14:06:37 -0400 (EDT)
On Sun, 13 May 2007, Florian Weimer wrote:
Fortunately, there is a simple solution to this kind of problem: ISPs are very likely liable if they fail to alert customers about security problems, and do not provide updates in a timely manner. After a few painful incidents, the ISPs will learn, and either ship better software (unlikely) or implement some kind of patch management. With a bit of luck, the latter does not just shift back liability back to the customer, but also helps to parly solve the problem (in the sense that CPE attacks are less attractive).
It won't solve the problem. ISPs will simply stop distributing CPE, andtell customers to buy CPE from their nearest electronics store (Best Buy, Radio Shack, or the equivilent in other countries). If you thought it
was hard getting ISPs to patch CPE, try getting electronics stores to patch the CPE. Look at the ancient bugs in D-Link, Linksys, Netgear boxes that consumers haven't figured out how to patch for years. You really need to identify the sources and fix it there.
Current thread:
- Broadband routers and botnets - being proactive Gadi Evron (May 11)
- Re: Broadband routers and botnets - being proactive Albert Meyer (May 11)
- Re: Broadband routers and botnets - being proactive Suresh Ramasubramanian (May 12)
- Re: Broadband routers and botnets - being proactive Florian Weimer (May 13)
- Re: Broadband routers and botnets - being proactive Sean Donelan (May 13)
- Re: Broadband routers and botnets - being proactive Gadi Evron (May 13)
- Re: Broadband routers and botnets - being proactive Colin Johnston (May 13)
- Re: Broadband routers and botnets - being proactive Chris L. Morrow (May 13)
- Re: Broadband routers and botnets - being proactive Gadi Evron (May 13)
- Re: Broadband routers and botnets - being proactive Sean Donelan (May 13)
- Re: Broadband routers and botnets - being proactive Gadi Evron (May 14)
- Re: Broadband routers and botnets - being proactive Sean Donelan (May 14)
- Re: Broadband routers and botnets - being proactive Suresh Ramasubramanian (May 12)
- Re: Broadband routers and botnets - being proactive Albert Meyer (May 11)
- Re: Broadband routers and botnets - being proactive Joel Jaeggli (May 13)