[45885] in North American Network Operators' Group


Re: Malformed SNMP Packet log/trace

daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Feb 27 02:01:41 2002

Date: Wed, 27 Feb 2002 02:00:41 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: Eric Brandwine <ericb@UU.NET>
Cc: nanog@merit.edu
In-Reply-To: <gu93czn8u7v.fsf@rampart.argfrp.us.uu.net>
Message-ID: <Pine.GSO.4.40.0202270019390.4902-100000@clifden.donelan.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



On 27 Feb 2002, Eric Brandwine wrote:
> Security is not about making things foolproof.  They'll always be able
> to break you, no matter what you do.  Security is about assuming
> acceptable risk, and mitigating unacceptable risk.

10 years ago I suspect we would have been discussing software quality
control.  The security label isn't always the best approach to a problem.

Yes, car thieves will always be able to steal your car.  That isn't the
same problem as having the wheels fall off the car because the
factory didn't tighten the lugnuts.  Are buffer overflows an intrinsic
risk, or a symptom of bad software engineering?

I don't believe in unbreakable systems. But quality engineering can
make systems more stable and robust under all conditions, even the
unexpected.  Yes, Murphy, Mother Nature and Malicious people will
still get you.  But it's easier to fix a well-designed system than one
held together with lots of duct tape.


> If I could do it over?  I'd get in my Tardis, and go back to 1969.
> I'd teach everyone at DARPA how to spell security.  Loose source
> route, IP options in general, ICMP address mask requests, all these
> things should go away.

You wouldn't need to go all the way back to 1969.  I debated loose
source routing with one of the authors of TCP/IP in the early
1980's :-)  I made an ass of myself in that debate. But it's not really
fair to say they didn't understand security.  Security is one of those
words, which means a lot of different things to different people.  The
Internet is better at security than the NSA for some types of security,
and worse at other types of security.

What will be interesting is if the Internet can add confidentiality on
top of a network easier than other networks can add availability on top
of their networks.  The Internet blew through Y2K without a hiccup, ask
the NRO how their super-secure network did.

> SSH is worth the protection, as reference implementations are
> available, and it requires very little in the way of system support.
> As long as in-band access to routers is required, SSH (or HTTPS or
> IPSec) will be with us.  As time passes, the quality of the tools that
> we have to work with improves, and our trust in them can grow.

SNMPv1 had reference implementations too.  Our trust seems to have
been misplaced.

> The official answer is control plane separation.  This worked for the
> PSTN, and it's the way the Internet will go, eventually.

Just because Bell Labs never released a paper on "Security Problems in
the SS7 Protocol Suite" doesn't make the telephone network secure.
PSTN security relies primarily on trust between telephone companies.  Not
very scalable.  The Internet has been the biggest improvement in
telephone security in the last 100 years.  The Internet was a nice
bright shiny object which attracted most of the phreakers away from
the PSTN.

Control plane separation isn't a complete answer for the Internet
because it's a network of networks.  Just like control plane separation
has problems scaling in the PSTN, you'll find a lot of "untrustworthy"
parties will end up with access to the control planes which extend
between networks.


