Home page logo
/

nanog logo nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions
From: "Christopher L. Morrow" <chris () UU NET>
Date: Sat, 2 Aug 2003 02:45:29 +0000 (GMT)



On Sat, 2 Aug 2003, E.B. Dreger wrote:


CLM> Date: Wed, 30 Jul 2003 22:37:21 +0000 (GMT)
CLM> From: Christopher L. Morrow


CLM> The problem isn't the network, nor the filtering /
CLM> lack-of-filtering, its a basic end host security problem.

Beyond basic filtering, it's a whack-a-mole to deal with rogue
systems.  Until the pain of having such a system is a sufficient

unless the rogue systems are out of the box secure... not every OS is, but
certainly there has been progress in this arena take simple examples like
OpenBSD and RedHat linux (or most other linuxes really) and some non-free
os's have also adopted a more 'secure' by default configuration recently.

barrier (or reward for being good is sufficient motivation), will
there be change?  Who should be held accountable for vulnerable
boxen?

I believe the vendor should, but my opinion matters not :) The lawyers and
congress folks (or someone like that) needs to get a little more mad about
their 'critical infrastructure' and how vulnerable it is due to negligence
and incompetence, or atleast a criminial level of naivety...


IANAL, but automobile vendors have recall notices...


mandated by federal regulations inside the US (atleast)... perhaps you
want this for vendors also?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]