The Death of TCP/IP
andrew2 at one.net
andrew2 at one.net
Mon Aug 6 17:56:47 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> Raw socket support in NOT a bad thing. I wonder if Robert
>> Cringely and Steve Gibson are friends.
>>
>True, Raw socket support alone is NOT a bad thing. Raw socket
>support on
>hundreds of thousands of hosts that have well known exploitable
>holes that
>can easily be used by any script kiddie to generate widespread DDOS
>attacks
>in a completely anonymous fashion little more than a downloaded
>script are a bad thing. You'll notice he didn't rail against raw
>socket
>support
>in NT, *Nix, etc. He railed against an OS with all the security of
>Win3.1
>being given raw socket support.
Not to flog a dead horse here, but if everyone would simply apply
proper ingress/egress filters at their borders this would all be a
moot point. It's hard to perpetrate an anonymous dDOS attack if the
packets aren't making it out of the originating network...and given
that this is, after all, a list for *network operators* it really
shouldn't be necessary to continually point this out.
Andrew
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO27aX9U0NpnwXzrpEQInuwCdE7Rg7F7/IQp7nYfhBGasSWabTcUAn0ke
kqsNEwLckWCPIlWZB/bWLPxA
=hEEn
-----END PGP SIGNATURE-----
More information about the NANOG
mailing list