Solaris telnet vuln solutions digest and network risks

Gadi Evron ge at linuxbox.org
Wed Feb 14 13:09:30 UTC 2007


On Wed, 14 Feb 2007, Robert E. Seastrom wrote:
> 
> 
> <michael.dillon at bt.com> writes:
> 
> > Do you know of any network operators who have no Solaris boxes at all
> > used in the management of some part of their network? Seems to me that
> > it is very common for network operators to use Solaris boxes to manage
> > their networks. And while they may have ACLs to prevent access from the
> > outside world, this probably does not prevent employee access. So it is
> > a big deal when there is an exploit that allows anyone to break into
> > these management devices.
> 
> http://www.nanog.org/endsystem.html
> 
> Solaris (and {windows, mac, voip phone, snmp toaster } ) vulnerabilities
> are not on-topic for nanog at .

Often I'd agree. This is not such a case. End-systems today when managed
together or handled together are indeed a topic which concerns service
providers today and affects operations in a serious fashion.

Fact of the matter is many ISPs spent the entirety of yesterday and will
probably repeat that today with their entire network and security teams
dedicated to this issue. Unfortunately, BGP is not all we care about
anymore.

My post was written for NANOG as can be seen by my first few bullets and
then reposted to other interested places where sysadmins hang
out. Why? Because it was needed.

This is not about the security or management of this or that end system,
but rather maintaining the ISP itself and its operations.

Another good example for this was introduced just a few days ago with the
web server botnets. Any ISP here with a hosting farm knows how many
resources were wasted and how much pain in general was spent in that direction, trying
to maintain it and the ISP's security, not to mention the botnets just
running undisturbed.

Let's not hide behind the past. What an "end system" may mean in that post
is undeniable, what an "end system" means to us has changed drastically since
1998.

We may not care about phishing or this or that virus here, but we do about
things we need to *deal with on our networks*. By we I obviously can't
mean all of us, but not all of us can handle all that an ISP would care
about from a network standpoint. Some only care about BGP, others only
about DNS. Yet more others only about security. What we have here is a
clash of cultures with changing times.

	Gadi.
