Packet anonymity is the problem?
Steven M. Bellovin
smb at research.att.com
Sun Apr 11 23:05:21 UTC 2004
In message <4079C0BB.80509 at ttec.com>, Joe Maimon writes:
>
>Jeff Workman wrote:
>
>> --On Sunday, April 11, 2004 2:45 PM -0400 Joe Maimon
>> <jmaimon at ttec.com> wrote:
>>
>>> Therefore the "good" people should beat the bad people to the punch and
>>> write the worm first. Make it render the vulnerable system invulnerable
>>> or if necessary crash it/disable the port etc..... so that the "lazy"
>>> administrators fix it quick without losing their hard drive contents or
>>> taking out the neighborhood.
>>>
>>> Such "corrective" behavior as suggested by you might also be implemented
>>> in such a "proactive" worm.
>>>
>>> How many fewer zombies would there be if this was happening?
>>
>>
>> As I understand it, Netsky is supposed to be such a worm. Doesn't seem
>> to make much of a difference, does it?
>>
>> I thought that Nachi/Welchia was supposed to be such a worm as well,
>> and it ended up doing more harm than good.
>
>One could argue that those were implementation issues, probably
>performed by people who did not know what they were doing.
>
From a perspective of auto-patch, *no* programmers "know what they're
doing". The state of the art of software engineering, even for
well-designed, well-implemented, well-tested systems, is not good
enough to allow arbitrary "correct" patches to be installed blindly on
a critical system. Let me put it like this: how many ISPs like to
install the latest versions of IOS or JunOS on all of their routers
without testing it first?

From a purely legal perspective, even a well-written, benevolent worm
is illegal -- the writer is not an "authorized" user of my computer.
But I'd never authorize someone to patch my system, even an ordinary
desktop PC, without my consent -- there are times when I can't afford
to have it unavailable. (Many U.S. residents are in such a state for
the next four days, until they get their income tax returns prepared
and filed. I don't even like installing virus updates at this time of
year.)

Auto-patch is a bad idea that just keeps coming back. Auto-patch by
people other than the vendor, who've done far less testing, is far
beyond "bad".
--Steve Bellovin, http://www.research.att.com/~smb