[55290] in North American Network Operators' Group

Re: management interface accessability (was Re: Worm / UDP1434)

daemon@ATHENA.MIT.EDU (Chris Wedgwood)
Sun Jan 26 14:27:19 2003

Date: Sun, 26 Jan 2003 11:23:10 -0800
From: Chris Wedgwood <cw@f00f.org>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3k7gryc27.fsf@as.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Jan 26, 2003 at 06:56:48PM +0000, Paul Vixie wrote:

> in fairness to microsoft, there have been worms based on apache and
> bind and popper and fingerd (buffer overruns) and even sendmail
> (wizard password) so the wide scale code review one gets from open
> source software engineering is only a marginal solution to
> monocultural weakness vectors.

i wasn't pointing at microsoft


i was pointing out that leaving software completely exposed when it
need not be is potentially problematic

perhaps[1] this is worse for software which is used mostly for local
connections (ie. LAN, internal network, etc.) such as SQL servers as
opposed to software which is designed and/or required to accept
connections from all over such as a web-server or MTA



  --cw

[1] where often a higher degree of paranoia exists in the programmer's
    mind and also the likelihood of wide-spread problems being reported
    appears to be greater
