Internet attack called broad and long lasting

Gadi Evron ge at linuxbox.org
Wed May 11 12:59:56 UTC 2005


Valdis.Kletnieks at vt.edu wrote:

[snip]

Hi Valdis!

> Actually, it *is* relevant for the "rest of us".
> 
> Given the number of boxen that got whacked, and the number of sites involved,
> "the defender" *is* "the rest of us", and "we as an industry" obviously need
> to get our collective act in gear.  Remember -

Which is exactly my point...

People keep worrying about 0days, when I'd only start worrying about
them once I made sure that current (old) and known vulns can't get me.

Once they are inside, it doesn't matter how they got in until a later
time when you do forensics and try to make sure it doesn't happen again,
which is what I referred to as the defender side.

Fact is, the break-in was serious because serious data was stolen... so
why should the fact it was an old vuln distract us from that, except
perhaps to reintroduce the facts that people simply don't do enough
security and/or best practices, which we already knew?

> *Your* boxes may be hardened beyond all belief and plausibility, but you're
> *STILL* screwed if some teenaged kid on another continent has more effective
> control of the router at the other end of your OC-48 than the NOC monkey you
> call when things get wonky....

Well, I suppose it's not really a great idea to wait until things get
wonky to establish good and operational relations with your uplink.

	Gadi.


