[60077] in North American Network Operators' Group


Re: WANTED: ISPs with DDoS defense solutions

daemon@ATHENA.MIT.EDU (Vadim Antonov)
Thu Jul 31 12:53:28 2003

Date: Thu, 31 Jul 2003 09:51:06 -0700 (PDT)
From: Vadim Antonov <avg@kotovnik.com>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3adavfclg.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu



On 31 Jul 2003, Paul Vixie wrote:

> the anti-nat anti-firewall pure-end-to-end crowd has always argued in
> favour of "every host for itself" but in a world with a hundred million
> unmanaged but reprogrammable devices is that really practical?

Not everything could be hidden behind a firewall, particularly in this
world of increasingly mobile and transient connectivity.

Besides, firewalls only protect against outsiders, whereas most damaging
attacks are from insiders.

What we need is a new programming paradigm, capable of actually producing
secure (and, yes, reliable) software.  C and its progeny (and "program
now, test never" lifestyle) must go.  I'm afraid it'll take laws which
would actually make software makers pay for bugs and security
vulnerabilities in shipped code to make such a paradigm shift a reality.

--vadim

