North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Vadim Antonov
  • Date: Thu Jul 31 12:53:05 2003

On 31 Jul 2003, Paul Vixie wrote:

> the anti-nat anti-firewall pure-end-to-end crowd has always argued in
> favour of "every host for itself" but in a world with a hundred million
> unmanaged but reprogrammable devices is that really practical?

Not everything could be hidden behind a firewall, particularly in this
world of increasingly mobile and transient connectivity.

Besides, firewalls only protect against outsiders, whereas most damaging
attacks are from insiders.

What we need is a new programming paradigm, capable of actually producing
secure (and, yes, reliable) software.  C and its progeny (and "program
now, test never" lifestyle) must go.  I'm afraid it'll take laws which
would actually make software makers to pay for bugs and security
vulnerabilities in shipped code to make such paradigm shift a reality.

--vadim