North American Network Operators Group


Re: botnets: web servers, end-systems and Vint Cerf

  • From: Roland Dobbins
  • Date: Mon Feb 19 11:42:36 2007



On Feb 19, 2007, at 8:06 AM, <[email protected]> <[email protected]> wrote:

And if the system designer is creative enough, then
this firewall thingy which is reputed to protect you from bad stuff,
would also download and install the latest patches to protect against
browser exploits. If this is all run on a separate CPU it can also do
some pretty in-depth inspection and do things like block .exe
attachments in email.

If we had some cheese, we could make a ham-and-cheese sandwich, if we had some ham.


;>

This discussion started out with an assertion that the security problem for general-purpose OS endpoints had been 'solved'. It in fact has not been solved for any reasonable degree of solved - there are basic layer-7 problems with the fundamentals such as HTTP (which to most users is 'the Internet'), and while there are various efforts to attempt to mitigate these problems via the insertion of inspection/removal by network devices, these efforts are in their infancy and also introduce other complexities which are corollaries of the canonical end-to-end principle (vs. the common misperception of what the end-to-end principle actually encompasses).

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice

The telephone demands complete participation.

-- Marshall McLuhan