DNS issues various

Kelly J. Cooper kcooper at genuity.net
Thu Oct 24 18:59:46 UTC 2002



On Thu, 24 Oct 2002 Valdis.Kletnieks at vt.edu wrote:

> On Thu, 24 Oct 2002 18:01:44 -0000, "Kelly J. Cooper" <kcooper at genuity.net>  said:
>
> > So, seven years of hardening hosts against SYN attacks.  Five years of
> > trying to get people to turn off the forwarding of broadcast packets.
> > Three years of botnets generating meg upon meg of crap-bandwidth.
> >
> > Where are the suuuuuper-geniuses?
>
> You know, most bars have bouncers at the door that check IDs.  Sure, they're
> not perfect, but the bartender can usually be pretty sure the guy ordering a
> beer is over 21. The average bar isn't run by a soooper-genius.  But it's still
> considered fashionable to let packets roam your network without an ID check at
> the door.

Yeah, and how's that working so far?

> soooper-genius solutions aren't going to help any when there's a lot of
> address space that's managed by Homer Simpson....

But there will always be address space managed by Homer Simpson.

And that's part of my point - we can't fix everybody's networks.  There
will always be broken/misconfigured networks run by the willfully
ignorant.

We've been in an arms race for years.  They come up with something, we
come up with a response, they come up with something else, we scramble to
find router OS code that doesn't crash, etc.

It's just back and forth, back and forth.

All I'm advocating is breaking out of that pattern.

Kelly J.
--
Kelly J. Cooper        -  Security Engineer, CISSP
GENUITY                -  Main # - 800-632-7638
Woburn, MA 01801       -  http://www.genuity.net