[52970] in North American Network Operators' Group
Re: DNS issues various
daemon@ATHENA.MIT.EDU (Kelly J. Cooper)
Thu Oct 24 15:00:23 2002
Date: Thu, 24 Oct 2002 18:59:46 +0000 (GMT)
From: "Kelly J. Cooper" <kcooper@genuity.net>
To: nanog@merit.edu
In-Reply-To: <200210241834.g9OIYbLa020236@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 24 Oct 2002 Valdis.Kletnieks@vt.edu wrote:
> On Thu, 24 Oct 2002 18:01:44 -0000, "Kelly J. Cooper" <kcooper@genuity.net> said:
>
> > So, seven years of hardening hosts against SYN attacks. Five years of
> > trying to get people to turn off the forwarding of broadcast packets.
> > Three years of botnets generating meg upon meg of crap-bandwidth.
> >
> > Where are the suuuuuper-geniuses?
>
> You know, most bars have bouncers at the door that check IDs. Sure, they're
> not perfect, but the bartender can usually be pretty sure the guy ordering a
> beer is over 21. The average bar isn't run by a soooper-genius. But it's still
> considered fashionable to let packets roam your network without an ID check at
> the door.
Yeah and how's that working so far?
> soooper-genius solutions aren't going to help any when there's a lot of
> address space that's managed by Homer Simpson....
But there will always be address space managed by Homer Simpson.
And that's part of my point - we can't fix everybody's networks. There
will always be broken/misconfigured networks run by the willfully
ignorant.
We've been in an arms race for years. They come up with something, we
come up with a response, they come up with something else, we scramble to
find router OS code that doesn't crash, etc.
It's just back and forth, back and forth.
All I'm advocating is breaking out of that pattern.
Kelly J.
--
Kelly J. Cooper - Security Engineer, CISSP
GENUITY - Main # - 800-632-7638
Woburn, MA 01801 - http://www.genuity.net
