Vulnerability Development mailing list archives
Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 7 Sep 2001 01:24:48 -0500 (CDT)
Ahh, but this is what is being asked for according to the recent SANS mailings, folks what the core providers to be more active and take more responsibility for -=their=- clients. How better to police and block those under their domain? Thanks, Ron DuFresne On Thu, 6 Sep 2001, Gert-Jan Hagenaars wrote:
Apparently, Stanley G. Bubrouski wrote: % On Thu, 6 Sep 2001, Emre Yildirim wrote: % % It may sound unreasonable but using access-lists on routers on routers is % great way for companies and providers to stop the spread of Code Red. By % blockign all traffic from a person's machine they are then forced to call % their provider's tech support to report they lost their connection. The % provider then can inform the customer they are infected, explain to them % they must patch their system, remove them from the ACLs, wait 24 hours and % if they show signs they are patched then do not reapply the ACL. This doesn't work on machines that connect via DHCP. The whole notion of using manhours to combat a DOS attack is an out of date idea. Besides, you're turning the problem into a problem for the ISPs. Which (essentially) means that you're turning the ISPs into internet-cops. I see four distinct problems with this approach: on one server we got about 1200 distinct hits of code-red in 24 hours. (first problem) How many thousands of emails do I have to send in a week to get through to the ISPs, and (second problem) who's going to handle all these requests in a timely manner and (third problem) judge the validity of my claims? And, (fourth problem) who's going to pick up the bill for calling all these customers? Consider the cost of a support call when a customer calls an ISP (CDN 7 about four years ago (when I worked for an ISP), very likely higher now), and that's when you don't have to spend time finding out which number to call, nor having to find the right person at the other end of the phone ("my son always takes care of this stuff, but I can't get to yahoo and i'm paying you guys for my internet connection!") If your proposed approach worked, we wouldn't have any SPAM either. And that's an area where (most) ISPs _want_ to battle this. I think a passive inoculation (worm) that doesn't seek out victims, but only counters infected systems (where the admins (if they exist) don't care) is a far better approach. It's certainly more cost effective, definitely quicker and obviously less prone to error. So... where's the linux version? CHeers, Gert-Jan. -- +++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++ sed '/^[when][coders]/!d G.J.W. Hagenaars -- gj at hagenaars dot com /^...[discover].$/d Remembering Mike Carty 1968-1994 /^..[real].[code]$/!d UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix ' /usr/dict/words I'm Dutch, what's _your_ excuse?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- permission (was: Re: illegal cheer, (continued)
- permission (was: Re: illegal cheer Meritt James (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ron DuFresne (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Emre Yildirim (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Kev (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Emre Yildirim (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ron DuFresne (Sep 06)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) John R. Morris (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Gert-Jan Hagenaars (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ron DuFresne (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) abel (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Gert-Jan Hagenaars (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 07)
- Message not available
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) .MetsyS. (Sep 06)
- AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 05)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Patrick Patterson (Sep 07)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) t. patrick o'hara (Sep 06)