[62748] in North American Network Operators' Group


Re: Home Storage Area Network security

daemon@ATHENA.MIT.EDU (Geo.)
Sun Sep 21 22:46:40 2003

Reply-To: "Geo." <georger@getinfo.net>
From: "Geo." <georger@getinfo.net>
To: <nanog@merit.edu>
Date: Sun, 21 Sep 2003 22:41:20 -0400
Errors-To: owner-nanog-outgoing@merit.edu



> If it prevents network-debilitating attacks like Blaster and friends,
> YES.


Ok, I understand where you are coming from, but that's a completely different
requirement than your previous post suggested. Protecting the network is the
job of a network admin; protecting the applications using the network is
something else entirely.

As an example, the recent Nachi worm, which causes network problems for some
devices because of the ARP request issue, can be solved by patching or
replacing those devices that are susceptible to excessive ARP request DoS.
This in no way requires blocking any of the protocols; it's simply a
vulnerability in certain devices that needs to be patched. Those devices are
susceptible to attack, not from a worm or a protocol, but from a function of
the network, and blocking the port a worm uses does nothing to protect those
devices from attack via this vulnerability. It would be trivial to write an
exploit that exposes this vuln and against which blocking 135 provides no
protection at all.

Geo.
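
The condition described in the message above is an excessive rate of ARP requests, whatever traffic triggered them, so monitoring for it keys on ARP rate per sender rather than on a TCP port. The following is an added example, not part of the original post; the record format, the one-second window, the threshold and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

def arp_request_peaks(events, window=1.0):
    """Return {sender: (peak_requests, distinct_targets_at_peak)}.

    events: (timestamp_seconds, sender_ip, target_ip) tuples for ARP
    who-has requests, sorted by timestamp (assumed record format).
    """
    recent = defaultdict(deque)   # sender -> requests inside the window
    peaks = {}
    for ts, sender, target in events:
        q = recent[sender]
        q.append((ts, target))
        # Drop requests that have aged out of the sliding window.
        while ts - q[0][0] >= window:
            q.popleft()
        seen = (len(q), len({t for _, t in q}))
        peaks[sender] = max(peaks.get(sender, (0, 0)), seen)
    return peaks

def flag_arp_floods(events, window=1.0, max_requests=100):
    """List (sender, peak, distinct_targets) for senders over the threshold."""
    peaks = arp_request_peaks(events, window)
    return sorted((s, n, t) for s, (n, t) in peaks.items() if n > max_requests)

def build_sample():
    """Constructed capture: two quiet hosts and one host sweeping a subnet."""
    events = []
    # Ordinary host: three lookups of its gateway over nine seconds.
    for ts in (0.0, 4.0, 9.0):
        events.append((ts, "192.0.2.10", "192.0.2.1"))
    # Gateway: one lookup every half second, each for a different host.
    for i in range(20):
        events.append((0.5 * i, "192.0.2.1", f"192.0.2.{i + 100}"))
    # Sweeping host: 200 lookups for 200 addresses in under half a second.
    for i in range(200):
        events.append((5.0 + i * 0.0025, "192.0.2.66", f"192.0.2.{i + 1}"))
    return sorted(events)

SAMPLE = build_sample()

if __name__ == "__main__":
    for sender, peak, targets in flag_arp_floods(SAMPLE):
        print(f"{sender}: {peak} ARP requests/s for {targets} distinct targets")
```

Nothing in the check refers to port 135 or any other port: the flagged sender stands out on ARP volume alone, which is the load the susceptible devices actually have to handle.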


