North American Network Operators Group


Re: botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

  • From: J. Oquendo
  • Date: Mon Feb 19 14:26:13 2007

[email protected] wrote:
And you'll need to de-install IE and Outlook,

This will not happen. Not even remotely.

Thus ensuring that Firefox/Thunderbird will be the main target of the
malware people. Is this necessarily any better? Note that Windows
provides an extensive series of hooks which can be used by an
application which wishes to subvert the normal operation of the OS. That
subversive application could be the security monitor which is required
by the ISP for Internet access because it is recommended in your

I concur with ISPs looking for IE as some form of guideline. Stupid story... So I call Cox because for the 8mb down I am supposed to be getting, I was maxing out at 2mb, not a big deal.

TechGirl: Can you go to your start menu...
Me: No I don't use Windows
TechGirl: Please hold
TechGirl: (five minutes later) Are you using OSX?
Me: No. Using Solaris, what would you like me to do?
TechGirl: Please hold
TechGirl: (minutes later) We don't support Solaris
Me: What does an operating system have to do with lousy bandwidth...
TechGirl: Please hold
TechGirl: (minutes later) I have to escalate this to my manager
TechGirl: Please hold
Manager: Please go to your start menu...
Me: No. As stated I'm not on Windows nor OSX. I use Solaris and I AM CONNECTED, the service is horrible
Manager: Well we only support Windows and OSX
Me: (*ponders what this has to do with cruddy connectivity) Forget it... (Plugs in Windows laptop to make things easier).

ISPs have come to rely on the bane of their clients' issues. Asking someone to remove IE only to have their support group look for it is a nightmare in itself. Too many people have become so overdependent on Windows.

We live in a complex world. Computers are more complex than they were.
OSes are more complex. Apps are more complex. Networks are more complex.
And SOLUTIONS are more complex. But if the designers of computers, OSes,
apps and networks can deal with the complexity, why can't security folks
do likewise?

The issue of security folks dealing with complexities is, they shouldn't have to when it comes to 65% of the problems which lead to incidents. Why should an ISP have to deal with issues that have nothing to do with their networks? I get calls day and night from VoIP customers: "My service is down your service sucks...."

2007-02-19 00:23:36 '212XXX6428' at [email protected]:5060 for 3600
2007-02-19 07:59:43 '212XXX6428' at [email protected]:5060 for 3600
2007-02-19 10:58:44 '212XXX6428' at [email protected]:5060 for 3600
2007-02-19 12:58:05 '212XXX6428' at [email protected]:5060 for 3600

This client goes up and down like a see-saw at least 8 times a day. Their provider is horrible. Why should I spend resources trying to fix what has nothing to do with my company? Same applies to anyone in the security industry to a degree. A security engineer can only do so much given the parameters most work with. "We're a Windows only shop!" touted the MCSE with glee as he wondered why he spent so much time rebooting.

That actually sounds like an answerable question, if a company took it
seriously enough. If the senders and receiver are both on your network,
your finance department should be able to come up with some cost

They won't because they haven't been pressed to do so, and it is rare that someone will take it upon themselves to do a good deed when it comes to situations like this.

Roland Dobbins wrote:

> NATting firewalls don't help at all with email-delivered malware, browser exploits, etc.

Antivirus and Ad-Aware-like programs almost often do when used appropriately. It boils down to education, which won't happen. If forced, however, it is a different story, so again I will point to customer sandboxing.

And yes, firewalls do help if configured properly on the business side of things. I use the same brute forcing script to create firewall rules to block IN AND OUT those offensive networks. So even if, say, a machine were to get infected, it's only momentary before I catch it, but this is my network(s) and those I manage/maintain. I have zero tolerance for junk and don't mind blocking a /8 if needed. People want to complain, then I point out logfiles with information on why their entire class is blocked.

[email protected] wrote:

None of this is rocket science. The hardware available today can do
this. This hardware is not expensive. It does, however, require systems
vendors to have a bit of imagination and that seems to be in rather
short supply in the modern world.

Why would a vendor put all their eggs in one basket? "Brand New AntiVirus software... Guaranteed to stop hackers! Only $49.99 per year...", "Brand New AntiMalware software... Guaranteed to stop hackers! Only $19.99 a year!", "Brand New Intrusion Detection Prevention Dissemination Articulation software... Guaranteed to stop nuclear weapons of mass destruction... Guaranteed to keep you off of the Internet..."

A vendor isn't going to do much, it's truly not in their best interest to halt this garbage... So the irony goes out to, again, Microsoft for selling security products that should be implemented beforehand.
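The "brute forcing script that creates firewall rules to block IN AND OUT" mentioned in the post above is not shown there. The following is an added example, not the author's script or anything from the NANOG thread, of what such a defender-side tool looks like: it reads constructed sshd-style log lines, counts failed logins per source, aggregates them into /24 networks, skips an allowlist so you cannot lock out your own management network, and emits matching iptables DROP rules for both directions. The log format, thresholds, addresses (RFC 5737 documentation ranges) and the `iptables` chain names are assumptions made for the example.

```python
"""Added example: turn failed-login log lines into bidirectional block rules.

Not from the original post. Log format, thresholds and addresses are
constructed for illustration; review generated rules before applying them.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log lines in sshd/syslog style (documentation addresses only).
SAMPLE_LOG = """\
Feb 19 13:01:02 gw sshd[2201]: Failed password for root from 192.0.2.17 port 4122 ssh2
Feb 19 13:01:03 gw sshd[2201]: Failed password for root from 192.0.2.17 port 4123 ssh2
Feb 19 13:01:05 gw sshd[2203]: Failed password for admin from 192.0.2.17 port 4125 ssh2
Feb 19 13:01:09 gw sshd[2205]: Failed password for invalid user test from 198.51.100.9 port 5011 ssh2
Feb 19 13:02:10 gw sshd[2210]: Accepted publickey for ops from 203.0.113.5 port 6001 ssh2
Feb 19 13:02:40 gw sshd[2212]: Failed password for root from 192.0.2.44 port 4200 ssh2
Feb 19 13:02:41 gw sshd[2212]: Failed password for root from 192.0.2.44 port 4201 ssh2
Feb 19 13:02:42 gw sshd[2214]: Failed password for root from 203.0.113.77 port 4300 ssh2
Feb 19 13:02:43 gw sshd[2214]: Failed password for root from 203.0.113.77 port 4301 ssh2
Feb 19 13:02:44 gw sshd[2214]: Failed password for root from 203.0.113.77 port 4302 ssh2
"""

# Networks that must never be blocked (assumed: our own management range).
ALLOWLIST = [ip_network("203.0.113.0/24")]

# Matches the sshd failure line; "invalid user" is optional in real sshd output.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def failed_attempts_by_source(log_text):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def is_allowlisted(ip):
    """True if the address falls inside any allowlisted network."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def aggregate_networks(counts, prefix_len=24):
    """Sum per-host counts into /prefix_len networks, skipping the allowlist."""
    nets = Counter()
    for ip, n in counts.items():
        if is_allowlisted(ip):
            continue
        net = ip_network(f"{ip}/{prefix_len}", strict=False)
        nets[str(net)] += n
    return nets


def offending_networks(log_text, threshold=3, prefix_len=24):
    """Networks whose aggregated failure count reaches the threshold, sorted."""
    nets = aggregate_networks(failed_attempts_by_source(log_text), prefix_len)
    return sorted(net for net, n in nets.items() if n >= threshold)


def iptables_rules(networks, chain_in="INPUT", chain_out="OUTPUT"):
    """Emit one inbound and one outbound DROP rule per offending network."""
    rules = []
    for net in networks:
        rules.append(f"iptables -I {chain_in} -s {net} -j DROP")
        rules.append(f"iptables -I {chain_out} -d {net} -j DROP")
    return rules


if __name__ == "__main__":
    for rule in iptables_rules(offending_networks(SAMPLE_LOG)):
        print(rule)
```

The outbound rule is what makes this useful against an already-compromised host: even if a machine inside the network is infected, its traffic to the offending range is dropped as well as the inbound noise. The allowlist check runs before aggregation on purpose, so a burst of failures from your own management range (203.0.113.77 in the sample) is reported nowhere rather than being folded into a block rule that locks you out.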
