management interface accessibility (was Re: Worm / UDP1434)
Chris Wedgwood
cw at f00f.org
Sun Jan 26 19:23:10 UTC 2003
On Sun, Jan 26, 2003 at 06:56:48PM +0000, Paul Vixie wrote:
> in fairness to microsoft, there have been worms based on apache and
> bind and popper and fingerd (buffer overruns) and even sendmail
> (wizard password) so the wide scale code review one gets from open
> source software engineering is only a marginal solution to
> monocultural weakness vectors.
i wasn't pointing at microsoft
i was pointing out that leaving software completely exposed when it
need not be is potentially problematic
perhaps[1] this is worse for software which is used mostly for local
connections (ie. LAN, internal network, etc.) such as SQL servers as
opposed to software which is designed and/or required to accept
connections from all over such as a web-server or MTA
--cw
[1] where often a higher degree of paranoia exists in the programmer's
mind and also the likelihood of wide-spread problems being reported
appears to be greater