In message <C7AA377F-8B92-11D8-8702-000A95CD987A@muada.com>, Iljitsch van Beijnum writes:
Bellovin compared the situation to bank robberies. "[S]treets, highways and getaway cars don't cause bank robberies, nor will redesigning them solve the problem. The flaws are in the banks," he said. Similarly, most security problems are due to buggy code, and changing the network will not affect that.
Ok, then explain to me how removing bugs from the code I run prevents me from being the victim of denial of service attacks.
That's where my analogy breaks down -- but you're being victimized largely because of bugs in code other people run. I stand by my statement: most of the security problems we have on the Internet are due to buggy code. (If you want to stretch the analogy, imagine a bogus newspaper report that stimulates uncritical readers to withdraw their money. It's called a run on the bank, and it's every bit as much a denial of service issue as excess packet floods -- bank runs are transaction rates much greater than what the (financial) system was designed to handle. And when they're triggered by false rumors -- well, you get the picture, and my metaphors are stretched too thin as is.)

--Steve Bellovin, http://www.research.att.com/~smb