misunderstanding scale (was: Ipv4 end, its fake.)
marka at isc.org
Sun Mar 23 21:02:13 UTC 2014
In message <532F42AA.9000604 at foobar.org>, Nick Hilliard writes:
> On 23/03/2014 18:39, Mark Andrews wrote:
> > As for printers directly reachable from anywhere, why not.
> because in practice it's an astonishingly stupid idea. Here's why:
> chargen / other small services
> buffer overflows
> open smtp relays
> weak, default or non existent passwords
> information leakage from non-protected services
> and so forth.
> Nothing wrong with global reachability, don't get me wrong - and if I
> thought for a pico-second that printers or any other connectible device
> took even the most basic steps at handling security fundamentals, I might
> even be ok about the idea.
> But they don't: printer drivers and interface firmware are written by
> people whose only ability is relaying eps and pcl files from one socket to
> another and pumping their code full of rage-inducing bloatware, the only
> purpose of which is to serve the blind whims of idiotic product managers
> who derive a sadistic satisfaction from ensuring that their products
> interfere as much as humanly possible with the process of committing ink
> and toner to paper. Security management doesn't even get a look in.
> 12 months after market debut, printer firmware updates cease forever for
> that particular model, and the inevitable result is a line-rate bot spewing
> obnoxious crap until the day that the device is thrown on to the scrap heap
> that it deserved when it was first unpacked.
> Exactly the same principal applies to pretty much any consumer device,
> although I admit that printers are worse offenders than most.
> We can all agree that what's needed here is full consumer choice and the
> ability to address things globally, should one desire to do so. In
> practice, default deny is more sensible approach to handling the reality of
> connecting devices to a public network.
Actually all you have stated in that printer vendors need to clean
up their act and not that one shouldn't expect to be able to expose
a printer to the world. It isn't hard to do this correctly. It
also does not cost much on a per device basis.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG