Firewall Wizards
mailing list archives
Re: A fun smackdown...
From: Chuck Swiger <chuck () codefab com>
Date: Sat, 21 May 2005 16:15:16 -0400
On May 21, 2005, at 3:55 PM, Marcus J. Ranum wrote:
> Chuck Swiger wrote:
>> You've asserted that all standards are useless. You've asserted that
>> standards which do not take security into account are not
>> internet-worthy. You seem to believe that no Internet standard is
>> legitimate and all traffic must be considered dangerous.
> OK. Why don't you list for us, real quickly, the internet application
> protocols that haven't had a security vulnerability so far.
> I'm all ears. Start your engines. Go!
You're all ears because you're trolling! :-)
There's a difference between a protocol and the implementation of a
protocol. Most software has bugs, and it's hard to write provably
correct software even for limited cases. This doesn't stop people from
writing useful software or new protocols in the meantime.
It doesn't seem useful to point to ICMP DoS attacks or forged TCP
resets aiming to zap persistent connections as being a technical flaw
with the protocols themselves. The fact that someone can misuse ICMP
or TCP is somewhat like blaming the highway because it allows drivers
to speed. Abusive use of network resources is a social issue that can
be helped by technical countermeasures, such as tuning the network
stack, changing the protocol spec, adding resource limiters and better
timeout management, as well as by firewalls and other security tools.
> mjr.
> (PS - chargen?)
Makes an infinite generator if you can connect it to a socket on some
host you are trying to DoS.
--
-Chuck