Broadband routers and botnets - being proactive

Joe Greco jgreco at ns.sol.net
Wed May 16 03:49:14 UTC 2007


Bearing in mind that I'm not especially a fan of Gadi,

> The thing is it would be really nice to have some functional separation
> between the business of this list which is operating a network, and the
> security focused lists, and the botnet/phishing/spam lists, addressing
> policy lists, the internet standards list, and so forth.

The thing is that there's always been too much functional separation
between the business of this list which is operating a network, and the
security focused lists.  The business of operating a network has often
conveniently ignored anything that doesn't actually cause the network to
collapse, but which regardless makes the network a less-than-nice place
to be.

Is spam directly related to the business of Network A peering via BGP
to Network B?  Doubtful.

However, where does that change?  What sort of things are operational?

As long as we choose to interpret "operating a network" as being merely
things that involve enable on a router, yes, it's way off-topic.  Sadly,
many (most?) networks view their operation in a way that emphasizes this
sort of attitude.  As a result, we still don't have basic security things
that should /also/ be a fundamental part of netops, such as BCP38 at any
point where it is reasonable to do so (like at virtually every edge).

> You and I and lots of other people on this list are on many or all of
> those sorts of lists.

In most organizations larger than a handful of people, the netops people 
are not necessarily the same as the security people, and I've often found
that the groups do not understand issues happening in the other arena.

> While cross-pollination is acceptable and in fact
> desired dragging the business of one group of community interests in to
> the domain of another is not appropriate.

Were they all truly separate, this would be true.  They're not all truly
separate.  Pretending that they're separate would be a convenient way to 
allow your network to continue peeing in the pool, ignoring problems,
which (sadly) doesn't seem to be an unusual attitude at certain networks.

Those of us who have been implementing BCP38-style filtering since before
BCP38 existed, on the other hand, may take a slightly more mature view of
what "network operations" involves, and it sure covers a lot more ground
than what you can do with enable on a router.

I do not consider host security to be directly connected to netops.
However, it certainly has an impact, and to a certain extent, a little
occasional discussion is warranted.

Gadi may tend to bring along a little too much discussion, though.  I
think a lot of people would agree with that.

> In the particular case of Gadi, I resent the persistent grandstanding
> and offers of assistance and assurances that he's on the job.

Okay, annoying, granted.

> That's
> essentially all advertising for his consulting business and I don't
> think it's appropriate on this list. I for one do not flog the products
> of my employer on this list, nor do you, or most other people who
> participate.

Yeah, um, uh, that fink is always trying to sell me something, uh, hm,
except I can't remember what, or find its web site, or even substantiate
that claim.  He posts from linuxbox.org, which seems to have no web page,
usually posts without a signature, etc.  Maybe you could outline where 
he's doing all this evil advertising.

If you want to paint Gadi with this brush, you should be aware that the
criteria necessary to bring him down on that basis will almost certainly
cover Paul Vixie and a whole bunch of other highly respected members of
this community.

> I tolerate this sort of behavior in the security arena (read bugtraq
> these days) though I resent the fact that it's de rigueur in the space
> for many disclosures to essentially be advertising for the consultants
> doing the work, virus updates are advertising for anti-virus companies etc.

I find it sadly ironic that the netops community, which largely runs huge
commercial for-profit networks, would think that others would handle the
security aspects for them - and do it for free.

What's pathetic is that these same large networks usually can't be bothered
to do much (or anything) to eliminate the environment which provides work
opportunities for security consultants.

Gadi?  Annoying, definitely.  But nothing compared to the resistance of
this community to the idea that netops has anything to do with the sorts
of security issues Gadi brings up.

I just had to comment on this.  I'll go back to lurking now.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


