[192298] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Mon Oct 24 18:23:57 2016
X-Original-To: nanog@nanog.org
Date: Mon, 24 Oct 2016 15:21:48 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Mike Hammett <nanog@ics-il.net>
In-Reply-To: <1512069667.452.1477347462606.JavaMail.mhammett@ThunderFuck>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
It's possible you might have wanted to read the link for the context that=
=20
pointed this out as sarcastic hyperbole, though the text as-is could=20
(unfortunately) have been read as serious.
--=20
Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E | also on Signal
On Mon 2016-Oct-24 17:17:43 -0500, Mike Hammett <nanog@ics-il.net> wrote:
>There's a buffer overrun in some software, so let's just remove all passwo=
rds (and keys), since they can get in anyway.
>
>
>
>
>
>Just pointing out flawed logic.
>
>
>
>
>-----
>Mike Hammett
>Intelligent Computing Solutions
>http://www.ics-il.com
>
>Midwest-IX
>http://www.midwest-ix.com
>
>----- Original Message -----
>
>From: "J. Oquendo" <joquendo@e-fensive.net>
>To: "Steve Mikulasik" <Steve.Mikulasik@civeo.com>
>Cc: nanog@nanog.org
>Sent: Monday, October 24, 2016 3:53:25 PM
>Subject: Re: Spitballing IoT Security
>
>On Mon, 24 Oct 2016, Steve Mikulasik wrote:
>
>> if we automatically blackholed those IPs as they get updated it could pu=
t a big dent in the effectiveness of Zeus.
>>
>
>That would involve someone lifting a finger and implement
>a config change. Much easier to implement BCP38 or was it
>RFC 4732? Would never work the moment someone has to lift
>a finger.
>
>/*
>I think I'll change my position on BCP38. It's pointless to try
>blocking spoofed source addresses because:
>
>* It doesn't solve every single problem
>* It means more effort for service providers
>* It requires more CPU processing power
>* Using it will generate smarter "black hats".
>
>https://www.nanog.org/mailinglist/mailarchives/old_archive/2004-10/msg0013=
2.html
>
>*/
>
>
>--=20
>=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=
=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+=3D+
>J. Oquendo
>SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
>"Where ignorance is our master, there is no possibility of
>real peace" - Dalai Lama
>
>0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463
>https://pgp.mit.edu/pks/lookup?op=3Dget&search=3D0xFC837AF59D8A4463
>
--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJYDol8AAoJEFsnhBAb2KmAY/EQAJYQ54lJj3bhdr+XxMwmAwe1
YezqGEGc7OVShEO7ODDj9UPTI3Rwga6glhHSz+FdmxrlyNQ+HD7LO5EAO188XEsb
ilw/A00XH+41zD149FW8zLdpy2LlalBr6dPh6qCfx8WAU4boKaVUz6Ena2XWfoyr
xc/G30U3iBVG0VUGDNn+dMFGcjPIGjyjSJfOdHJHRwBTlXui+WhxSY2q+E+af49F
f9qBYdD6/r3dgc6/NQ/e1c18wlGoyLMItWWg+3kkej4XH9Xx6XND1FSkMcScbDh3
96t6rXJ75pnqBVQTn3aR8y8s0yyw0w8J8mj2guok14RiHGFU9sSAysHUvRWzL0RS
1+1QzvM9+lnkw96JQQJymaHNUNSoh8/t0g/AXtXD6YNcRmwTt6YY8RNF972D2cKr
355atMqdIp+vbzhF3REOM4IPi279mLzm4v4cQBYyhzXkLF5O1HH/ZH9svtsAb3+Y
+oAVsXC6S1jccMffBjXXz+dv31oD2aod+DwBAu8nefS/6FPzD+E+t6zDGidfBkWl
MWdgVAJATiniCa2yfiCV3ZJ1OmuKqYWV74jKVoBimlECFzZKno0PyEJZsSOHcVQP
96a7krZa66s99ZR7ZtoU4zc/yxM/2NZHvH8RNtt5IG49G8ZJisDkIMKs+nU0yeWV
TINNNbuMPKG5zakBfWVf
=9oYo
-----END PGP SIGNATURE-----
--CE+1k2dSO48ffgeK--
