RE: Solaris telnet vuln solutions digest and network risks
Subject: Re: Solaris telnet vuln solutions digest and network risks
This post appears to have been written for another mailing list (where it is probably on-topic). Why did you repost it to NANOG-L?
Do you know of any network operators who have no Solaris boxes at all used in the management of some part of their network? Seems to me that it is very common for network operators to use Solaris boxes to manage their networks. And while they may have ACLs to prevent access from the outside world, this probably does not prevent employee access. So it is a big deal when there is an exploit that allows anyone to break into these management devices. Also, there is a subset of network operators whose business is hosting servers and these companies often use Solaris servers at least partly. Again, seems relevant to me. By the way, your posting seems to have been written for purposes which are not on-topic on this list. Why did you post it to NANOG-L? --Michael Dillon
<michael.dillon@bt.com> writes:
Do you know of any network operators who have no Solaris boxes at all used in the management of some part of their network? Seems to me that it is very common for network operators to use Solaris boxes to manage their networks. And while they may have ACLs to prevent access from the outside world, this probably does not prevent employee access. So it is a big deal when there is an exploit that allows anyone to break into these management devices.
http://www.nanog.org/endsystem.html Solaris (and {windows, mac, voip phone, snmp toaster } ) vulnerabilities are not on-topic for nanog@.
Also, there is a subset of network operators whose business is hosting servers and these companies often use Solaris servers at least partly. Again, seems relevant to me.
The sysadmins of such systems read the appropriate mailing lists. You probably don't read them because it's not part of your job, just as you probably don't monitor firearms-related mailing lists for news of safety recalls if you have no vested interest in that area.
By the way, your posting seems to have been written for purposes which are not on-topic on this list. Why did you post it to NANOG-L?
The NANOG MLC encourages polite feedback and positive peer pressure from fellow list members. Whether this feedback is posted publicly is left to the discretion of the individual providing the feedback. Albert's message is on-topic for the list. That said, in the unlikely event that positive peer pressure gets out of hand to the degree that it interferes with the usefulness of the NANOG mailing list, the MLC may request that metadiscussion threads get moved to nanog-futures. Hope this clears things up, ---Rob (on behalf of nanog-admin, the nanog mailing list administration team)
On Wed, 14 Feb 2007, Robert E. Seastrom wrote:
<michael.dillon@bt.com> writes:
Do you know of any network operators who have no Solaris boxes at all used in the management of some part of their network? Seems to me that it is very common for network operators to use Solaris boxes to manage their networks. And while they may have ACLs to prevent access from the outside world, this probably does not prevent employee access. So it is a big deal when there is an exploit that allows anyone to break into these management devices.
http://www.nanog.org/endsystem.html
Solaris (and {windows, mac, voip phone, snmp toaster } ) vulnerabilities are not on-topic for nanog@.
Often I'd agree. This is not such a case. End-systems today when managed together or handled together are indeed a topic which concerns service providers today and affects operations in a serious fashion. Fact of the matter is many ISPs spent the entire of yesterday and will probably repeat that today with their entire network and security teams dedicated to this issue. Unfortunately, BGP is not all we care about anymore. My post was written for NANOG as can be seen by my first few bullets and then reposted to other interested places where sysadmins hang out. Why? Because it was needed. This is not about the security or management of this or that end system, but rather maintaining the ISP itself and its operations. Another good example for this was introduced just a few days ago with the web server botnets. Any ISP here with a hosting farm knows how much resources wasted and pain in general was spent in that direction, trying to maintain it and the ISP's security, not to mention the botnets just running undisturbed. Let's not hide behind the past. What an "end system" may mean in that post is undebiable, what an "end system" means to us changed drastically since 1998. We may not care about phishing or this or that virus here, but we do about things we need to *deal with on our networks*. By we I obviously can't mean all of us, but not all of us can handle all that an ISP would care about from a network standpoint. Some only care about BGP, others only about DNS. Yet more others only about security. What we have here is a clash of cultures with changing times. Gadi.
participants (3)
-
Gadi Evron
-
michael.dillon@bt.com
-
Robert E. Seastrom