On Thu, 24 Oct 2002 Valdis.Kletnieks@vt.edu wrote:
On Thu, 24 Oct 2002 18:01:44 -0000, "Kelly J. Cooper" <kcooper@genuity.net> said:
So, seven years of hardening hosts against SYN attacks. Five years of trying to get people to turn off the forwarding of broadcast packets. Three years of botnets generating meg upon meg of crap-bandwidth.
Where are the suuuuuper-geniuses?
You know, most bars have bouncers at the door that check IDs. Sure, they're not perfect, but the bartender can usually be pretty sure the guy ordering a beer is over 21. The average bar isn't run by a soooper-genius. But it's still considered fashionable to let packets roam your network without an ID check at the door.
Yeah and how's that working so far?
soooper-genius solutions aren't going to help any when there's a lot of address space that's managed by Homer Simpson....
But there will always be address space managed by Homer Simpson. And that's part of my point - we can't fix everybody's networks. There will always be broken/misconfigured networks run by the willfully ignorant.

We've been in an arms race for years. They come up with something, we come up with a response, they come up with something else, we scramble to find router OS code that doesn't crash, etc. It's just back and forth, back and forth. All I'm advocating is breaking out of that pattern.

Kelly J.

--
Kelly J. Cooper - Security Engineer, CISSP
GENUITY - Main # - 800-632-7638
Woburn, MA 01801 - http://www.genuity.net