[40288] in North American Network Operators' Group
RE: The Death of TCP/IP
daemon@ATHENA.MIT.EDU (andrew2@one.net)
Mon Aug 6 13:58:36 2001
Reply-To: <acruse@design-synergy.com>
From: <andrew2@one.net>
To: <nanog@merit.edu>
Date: Mon, 6 Aug 2001 13:56:47 -0400
Message-ID: <00df01c11ea1$2a031ea0$fc01a8c0@designsynergy.com>
In-Reply-To: <3B6ED0AF.2DC72595@delong.sj.ca.us>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> Raw socket support is NOT a bad thing. I wonder if Robert
>> Cringely and Steve Gibson are friends.
>>
>True, raw socket support alone is NOT a bad thing. Raw socket
>support on hundreds of thousands of hosts that have well-known
>exploitable holes that can easily be used by any script kiddie to
>generate widespread DDOS attacks in a completely anonymous fashion
>with little more than a downloaded script is a bad thing. You'll
>notice he didn't rail against raw socket support in NT, *Nix, etc.
>He railed against an OS with all the security of Win3.1 being given
>raw socket support.
Not to flog a dead horse here, but if everyone would simply apply
proper ingress/egress filters at their borders this would all be a
moot point. It's hard to perpetrate an anonymous dDOS attack if the
packets aren't making it out of the originating network...and given
that this is, after all, a list for *network operators* it really
shouldn't be necessary to continually point this out.
Andrew
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO27aX9U0NpnwXzrpEQInuwCdE7Rg7F7/IQp7nYfhBGasSWabTcUAn0ke
kqsNEwLckWCPIlWZB/bWLPxA
=hEEn
-----END PGP SIGNATURE-----
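
The border filtering the message above refers to, sketched as an added example that is not part of the original post: outbound packets are permitted only when their source address belongs to the site, and inbound packets are dropped when they claim a site or unroutable source. The prefixes, the bogon subset, the sample packets and all function names are constructed for illustration.

```python
import ipaddress

# Constructed site prefixes (documentation ranges), not taken from the post.
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("192.0.2.0/24", "198.51.100.0/25")]
# Small constructed subset of sources that are never valid on the Internet.
BOGONS = [ipaddress.ip_network(p)
          for p in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                    "172.16.0.0/12", "192.168.0.0/16")]


def _matches(addr, networks):
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def border_verdict(direction, src):
    """Return 'permit' or 'drop' for a packet crossing the site border."""
    if direction == "egress":
        # Outbound: the source must be an address this site originates.
        return "permit" if _matches(src, SITE_PREFIXES) else "drop"
    if direction == "ingress":
        # Inbound: outsiders may not claim our addresses or a bogon source.
        if _matches(src, SITE_PREFIXES) or _matches(src, BOGONS):
            return "drop"
        return "permit"
    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample packets: (direction, source address, note).
SAMPLE_PACKETS = [
    ("egress", "192.0.2.10", "legitimate host"),
    ("egress", "203.0.113.5", "forged source leaving the site"),
    ("egress", "198.51.100.200", "outside our /25, not ours"),
    ("egress", "10.1.2.3", "internal-only address leaking out"),
    ("ingress", "203.0.113.5", "ordinary external source"),
    ("ingress", "192.0.2.10", "outsider claiming a site address"),
]


def evaluate(packets):
    """Return (direction, src, verdict) for each sample packet."""
    return [(d, s, border_verdict(d, s)) for d, s, _ in packets]


if __name__ == "__main__":
    for (d, s, note), (_, _, v) in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{d:8} {s:16} {v:7} {note}")
```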