Packet anonymity is the problem?
Steven M. Bellovin
smb at research.att.com
Sun Apr 11 23:09:14 UTC 2004
In message <C7AA377F-8B92-11D8-8702-000A95CD987A at muada.com>, Iljitsch van Beijnum writes:
>
>
>> Bellovin compared the situation to bank robberies. "[S]treets, highways
>> and getaway cars don't cause bank robberies, nor will redesigning them
>> solve the problem. The flaws are in the banks," he said. Similarly, most
>> security problems are due to buggy code, and changing the network will
>> not affect that.
>
>Ok, then explain to me how removing bugs from the code I run prevents
>me from being the victim of denial of service attacks.
>
That's where my analogy breaks down -- but you're being victimized
largely because of bugs in code other people run. I stand by my
statement: most of the security problems we have on the
Internet are due to buggy code. (If you want to stretch the analogy,
imagine a bogus newspaper report that stimulates uncritical readers to
withdraw their money. It's called a run on the bank, and it's every
bit as much a denial of service issue as excess packet floods -- bank
runs are transaction rates much greater than what the (financial)
system was designed to handle. And when they're triggered by false
rumors -- well, you get the picture, and my metaphors are stretched too
thin as is.)
--Steve Bellovin, http://www.research.att.com/~smb