On Sun, 11 Apr 2004, Iljitsch van Beijnum wrote:
On 11-apr-04, at 11:51, Yann Berthier wrote:
Ok, then explain to me how removing bugs from the code I run prevents me from being the victim of denial of service attacks.
It's the other way around in fact: if others were to run (more) secure code, there would be far less boxen used as zombies to launch ddos attacks against your infrastructure, to propagate worms, and to be used as spam relays.
You make two assumptions:
1. denial of service requires compromised hosts
I don't remember having made such an assumption :) the assumption i made (and i still make) is that compromised hosts *are* used for dos attacks, as well as for other uses having major network impact (worms and spam, that is)
2. good code prevents hosts from being compromised
yes, i think that good code can reduce the exposure to compromises. And then came the diseasusers ...
I agree that without zombies launching a significant DoS is much more difficult, but it can still be done. Also, while many hosts run insecure software, the biggest security vulnerability in most systems is the finger resting on the left mouse button.
I perfectly agree. But there are technical countermeasures available to limit the user's willingness to help compromise his own box. Sandboxing, ingress *and* egress filtering, sensible security defaults and so on. While it would not have been a panacea, i think that no unnecessary open ports on default installs + OSs not encouraging their users to run as Administrator would certainly have been a good thing (tm). We certainly can't expect nothing from the user, but we should be able to expect sensible default settings from OS vendors.
Also, waiting for others to clean up their act to be safe isn't usually the most fruitful approach.
I was not even suggesting something like that :)
While it can sound a bit theoretical (to hope that the "others" will run secure code), as the vast majority of users run OSs from one particular (major) vendor, an amelioration of said family of OSs would certainly benefit all. Just think about all the recent network havoc caused by worms propagating on one OS platform ...
I'm not all that interested in plugging individual security holes. (Not saying this isn't important, but to the degree this is solvable things are moving in the right direction.) I'm much more interested in shutting up hosts after they've been compromised. This is something we absolutely, positively need to get a handle on.
I think we mostly agree on every point, i just wanted to pinpoint the fact that insecure code run by others certainly has repercussions on everyone's network. So now let's let this thread die, because it begins to sound like something we have seen so many times :) I won't add _one_ word to these way too much debated subjects.

Cheers,

- yann