Broadband routers and botnets - being proactive
alex at pilosoft.com
alex at pilosoft.com
Wed May 16 04:37:36 UTC 2007
On Tue, 15 May 2007, Joe Greco wrote:
> The thing is that there's always been too much functional separation
> between the business of this list which is operating a network, and the
> security focused lists. The business of operating a network has often
> conveniently ignored anything that doesn't actually cause the network to
> collapse, but which regardless makes the network a less-than-nice place
> to be.
>
> Is spam directly related to the business of Network A peering via BGP to
> Network B? Doubtful.
Clearly, it is not. Packets keep flowing. Internet is more than email.
> However, where does that change? What sort of things are operational?
Things that affect internet at large. Things that affect our routers.
> As long as we choose to interpret "operating a network" as being merely
> things that involve enable on a router, yes, it's way off-topic.
> Sadly, many (most?) networks view their operation in a way that
> emphasizes this sort of attitude. As a result, we still don't have
> basic security things that should /also/ be a fundamental part of
> netops, such as BCP38 at any point where it is reasonable to do so (like
> at virtually every edge).
That's certainly on-topic (why is BCP38 is not implemented as much as it
should be).
> > You and I and lots of other people on this list are on on many or all
> > of those sorts of lists.
>
> In most organizations larger than a handful of people, the netops people
> are not necessarily the same as the security people, and I've often
> found that the groups do not understand issues happening in the other
> arena.
That's an issue for those organizations. :) However, security people have
their own mailing lists, and *forcing* operations people to be involved in
security issues is counter-productive. (You don't make your security
people to read nanog-l, do you?)
> > While cross-pollination is acceptable and in fact desired dragging the
> > business of one group of community interests in to the domain of
> > another is not appropriate.
>
> Were they all truly separate, this would be true. They're not all truly
> separate. Pretending that they're separate would be a convenient way to
> allow your network to continue peeing in the pool, ignoring problems,
> which (sadly) doesn't seem to be an unusual attitude at certain
> networks.
Sadly, the alternatives (resulting in trying to police the internet) are
much worse than status quo.
> Those of us who have been implementing BCP38-style filtering since
> before BCP38 existed, on the other hand, may take a slightly more mature
> view of what "network operations" involves, and it sure covers a lot
> more ground than what you can do with enable on a router.
>
> I do not consider host security to be directly connected to netops.
> However, it certainly has an impact, and to a certain extent, a little
> occasional discussion is warranted.
When it is affecting internet at large (think nachi/nimda/codered),
clearly.
> Gadi may tend to bring along a little too much discussion, though. I
> think a lot of people would agree with that.
I think this is the case of a 'boy who cried wolf' too many times.
<snip>
> I find it sadly ironic that the netops community, which largely runs
> huge commercial for-profit networks, would think that others would
> handle the security aspects for them - and do it for free.
Those who run huge commercial for-profit networks usually have people who
are dedicated to security aspects...Ones not so lucky usually have same
people who are both operations and security and peering - and we are
subscribed to all the mailing lists we need to know to get all our jobs
done. And I think its the way things should be.
> What's pathetic is that these same large networks usually can't be
> bothered to do much (or anything) to eliminate the environment which
> provides work opportunities for security consultants.
Do I smell a "final ultimate solution" somewhere? :)
[note the cc to nanog-futures - please strip cc to nanog-l from the
replies to this email. meta-discussions belong on -futures]
alex [speaking for myself only]
More information about the NANOG
mailing list