There are network equipment manufacturers who offer last mile protection at the chip level, which forces authentication or the packets get dropped. This has been around for about 4 years now and people should seriously look at that as a solution. Fast changeable FPGA designs can accommodate such issues and can be changed on the fly long before someone has time to effectively reverse engineer them to find out how they work; they will always be behind by several years and will not be having access to source code to be able to hack anything........
Forced Identification for people who purchase Cisco reseller equipment and any other manufacturer of said equipment will put a dent in some of this nonsense also. If there is to be security then you must look at the entire issue well beyond the ability to hack stuff.
Anyway my 2 cents for the moment
-Henry
--- Yann Berthier <yb@sainte-barbe.org> wrote:
On Sun, 11 Apr 2004, Iljitsch van Beijnum wrote:
Ok, then explain to me how removing bugs from the code I run prevents me from being the victim of denial of service attacks.
It's the other way around in fact: if others were to run (more) secure code, there would be far less boxen used as zombies to launch ddos attacks against your infrastructure, to propagate worms, and to be used as spam relays.
While it can sound a bit theoretical (to hope that the "others" will run secure code), as the vast majority of users run OSs from one particular (major) vendor, an amelioration of said family of OSs would certainly benefit all. Just think about all the recent network havoc caused by worms propagating on one OS platform ...
- yann