North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Level3 routing issues?

  • From: Michael Lamoureux
  • Date: Sun Jan 26 12:21:55 2003 
 "dave" == Dave Stewart <[email protected]> writes:

dave> I've seen various references to this worm firing off and
dave> saturating networks worldwide within 1 minute... if *that* isn't
dave> scary, I don't know what is.  It shows that someone, with the
dave> right tools and enough vulnerable servers can take out a good
dave> portion of the Internet in seconds.  And how can we predict
dave> *every* possible issue and block it?

Exactly!!  This is why the Right Answer (TM) is to get end-users to
secure their systems and networks so that an attacker can't get a
critical mass of hosts in 1 minute (or even 1 month).  You can only do
so much on the ISP networks.  At some point, everyone needs to admit
that it's impossible for us to win this battle as long as people are
allowed to not care about the security of their systems.

I still remember the despair I felt at how successful the sadmind worm
was with Solaris and Windows vulnerabilies that were over 2 years
old.  Hell, that was a long time ago, and I bet there are still
systems on the Internet that have those vulnerabilies.  I mean, that's
negligence if anything is.


dave> I think there's only so much one can do in advance.  Sure, we
dave> all know we shouldn't have these servers exposed, but again,
dave> many are in the position of having to leave them open to some
dave> extent - case in point, I have a developer who uses dialup
dave> (because he's in the sticks in northern Georgia, and nothing
dave> else is available, and he's a skinflint who uses the free or
dave> nearly-free dialup providers)... he's also not going to use a
dave> VPN... he'll just bitch because he can't get to the server.

Note that in the case of a worm, a VPN could work against you.  If you
have all the right filters in place at your "perimeter" and yet let
your employees in through a VPN solution of some sort, you could still
be screwed if one of their home systems gets infected somehow.


IMHO,
Michael