botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

J. Oquendo sil at infiltrated.net
Mon Feb 19 19:13:15 UTC 2007


michael.dillon at bt.com wrote:
>> And you'll need to de-install IE and Outlook,
This will not happen. Not even remotely.

> Thus ensuring that Firefox/Thunderbird will be the main target of the
> malware people. Is this necessarily any better? Note that Windows
> provides an extensive series of hooks which can be used by an
> application which wishes to subvert the normal operation of the OS. That
> subversive application could be the security monitor which is required
> by the ISP for Internet access because it is recommended in your
> guidelines.
I concur with ISPs looking for IE as some form of guideline. Stupid 
story... So I call Cox because for the 8mb down I am supposed to be 
getting, I was maxing out at 2mb, not a big deal.

TechGirl: Can you go to your start menu...
Me: No I don't use Windows
TechGirl: Please hold
TechGirl: (five minutes later) Are you using OSX?
Me: No. Using Solaris, what would you like me to do?
TechGirl: Please hold
TechGirl: (minutes later) We don't support Solaris
Me: What does an operating system have to do with lousy bandwidth...
TechGirl: Please hold
TechGirl: (minutes later) I have to escalate this to my manager
TechGirl: Please hold
Manager: Please go to your start menu...
Me: No. As stated, I'm not on Windows nor OSX. I use Solaris and I AM 
CONNECTED; the service is horrible
Manager: Well we only support Windows and OSX
Me: (*ponders what this has to do with cruddy connectivity) Forget it... 
(Plugs in Windows laptop to make things easier).

ISPs have come to rely on the bane of their clients' issues. Asking 
someone to remove IE only to have their support group look for it is a 
nightmare in itself. Too many people have become so overdependent on 
Windows.

> We live in a complex world. Computers are more complex than they were.
> OSes are more complex. Apps are more complex. Networks are more complex.
> And SOLUTIONS are more complex. But if the designers of computers, OSes,
> apps and networks can deal with the complexity, why can't security folks
> do likewise?
>
>   
The issue with security folks dealing with complexities is that they shouldn't 
have to when it comes to 65% of the problems which lead to incidents. 
Why should an ISP have to deal with issues that have nothing to do with 
their networks? I get calls day and night from VoIP customers: "My 
service is down, your service sucks...."

2007-02-19 00:23:36 '212XXX6428' at 212XXX6428 at 71.231.xxx.xxx:5060 for 3600
2007-02-19 07:59:43 '212XXX6428' at 212XXX6428 at 71.231.xxx.xxx:5060 for 3600
2007-02-19 10:58:44 '212XXX6428' at 212XXX6428 at 71.231.xxx.xxx:5060 for 3600
2007-02-19 12:58:05 '212XXX6428' at 212XXX6428 at 71.231.xxx.xxx:5060 for 3600

This client goes up and down like a see-saw at least 8 times a day. 
Their provider is horrible. Why should I spend resources trying to fix 
what has nothing to do with my company? The same applies to anyone in the 
security industry to a degree. A security engineer can only do so much 
given the parameters most work with. "We're a Windows-only shop!" touted the 
MCSE with glee as he wondered why he spent so much time rebooting.


> That actually sounds like an answerable question, if a company took it
> seriously enough. If the senders and receiver are both on your network,
> your finance department should be able to come up with some cost
> figures.
>   

They won't because they haven't been pressed to do so, and it is rare 
that someone will take it upon themselves to do a good deed when it 
comes to situations like this.

Roland Dobbins wrote:

> NATting firewalls don't help at all with email-delivered malware,
> browser exploits, etc.

Antivirus and Ad-Aware-like programs almost often do when used 
appropriately. It boils down to education, which won't happen. If forced, 
however, it is a different story, so again I will point to customer 
sandboxing.

And yes, firewalls do help if configured properly on the business side of 
things. I use the same brute-forcing script to create firewall rules to 
block IN AND OUT those offensive networks. So even if, say, a machine were 
to get infected, it's only momentary before I catch it, but this is my 
network(s) and those I manage/maintain. I have zero tolerance for junk 
and don't mind blocking a /8 if needed. If people want to complain, then I 
point out logfiles with information on why their entire class is blocked.

michael.dillon at bt.com wrote:

> None of this is rocket science. The hardware available today can do
> this. This hardware is not expensive. It does, however, require systems
> vendors to have a bit of imagination and that seems to be in rather
> short supply in the modern world.


Why would a vendor put all their eggs in one basket? "Brand New AntiVirus software... Guaranteed to stop hackers! Only $49.99 per year...", "Brand New AntiMalware software... Guaranteed to stop hackers! Only $19.99 a year!", "Brand New Intrusion Detection Prevention Dissemination Articulation software... Guaranteed to stop nuclear weapons of mass destruction... Guaranteed to keep you off of the Internet..."

A vendor isn't going to do much; it's truly not in their best interest to halt this garbage... So the irony goes out again to Microsoft, for selling security products that should be implemented beforehand.
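The "brute-forcing script that creates firewall rules to block IN AND OUT" mentioned above is not shown in the post. The following is an added example, not the poster's script and not NANOG material, of the same idea: count failed logins per source from auth-log lines, aggregate the sources into networks at a chosen prefix length (a /24 by default, a /8 if you are as intolerant as the poster), skip anything on an allowlist so you do not lock yourself out, and emit iptables DROP rules for both INPUT and OUTPUT. The sshd log lines, the threshold, the allowlisted 192.0.2.0/24 and all function names are constructed assumptions for illustration.

```python
"""Added example (not from the original post): turn failed-login log
lines into iptables rules that block the offending networks both
inbound and outbound.  Log lines, threshold and allowlist are assumed."""
import ipaddress
import re
from collections import Counter

# Constructed sample sshd/syslog lines; not real data.  One source makes
# three failed attempts, two others make one each, one login succeeds.
SAMPLE_LOG = """\
Feb 19 18:01:02 gw sshd[2211]: Failed password for root from 198.51.100.7 port 51234 ssh2
Feb 19 18:01:05 gw sshd[2211]: Failed password for root from 198.51.100.7 port 51240 ssh2
Feb 19 18:01:09 gw sshd[2214]: Failed password for invalid user admin from 198.51.100.7 port 51251 ssh2
Feb 19 18:02:30 gw sshd[2218]: Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
Feb 19 18:03:11 gw sshd[2220]: Accepted publickey for sil from 192.0.2.10 port 55000 ssh2
Feb 19 18:04:40 gw sshd[2225]: Failed password for root from 203.0.113.9 port 60001 ssh2
"""

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)


def failed_sources(log_text):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offending_networks(counts, threshold=3, prefixlen=24, allowlist=()):
    """Aggregate failures into /prefixlen networks and return those whose
    combined failures reach the threshold, minus any network that overlaps
    an allowlisted one (so your own management nets never get blocked)."""
    per_net = Counter()
    for ip, n in counts.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        per_net[net] += n
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    hits = [
        net for net, n in per_net.items()
        if n >= threshold and not any(net.overlaps(a) for a in allowed)
    ]
    return sorted(hits, key=lambda n: (int(n.network_address), n.prefixlen))


def iptables_rules(networks, chain_in="INPUT", chain_out="OUTPUT"):
    """One DROP rule per network in each direction: inbound cuts off the
    scanner, outbound keeps an already-infected internal host from talking
    back to the same network (the "block IN AND OUT" part)."""
    rules = []
    for net in networks:
        rules.append(f"iptables -I {chain_in} -s {net} -j DROP")
        rules.append(f"iptables -I {chain_out} -d {net} -j DROP")
    return rules


def build_rules(log_text, threshold=3, prefixlen=24, allowlist=("192.0.2.0/24",)):
    """Log text in, list of iptables command lines out."""
    nets = offending_networks(failed_sources(log_text), threshold, prefixlen, allowlist)
    return iptables_rules(nets)


if __name__ == "__main__":
    # Review the generated rules before feeding them to a shell.
    for rule in build_rules(SAMPLE_LOG):
        print(rule)
```

With the sample input and the default /24 aggregation only 198.51.100.0/24 crosses the threshold, so two rules come out (one INPUT, one OUTPUT). Raising prefixlen to 8 is the poster's "block a /8" option; the collateral damage is the rest of that /8, which is why the allowlist check and a look at the log before applying the rules matter. At any real scale the per-network rules belong in an ipset rather than the chain itself, but the generated commands are the same decision the script makes.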
