[64595] in North American Network Operators' Group


Re: [arin-announce] IPv4 Address Space (fwd)

daemon@ATHENA.MIT.EDU (Henry Linneweh)
Tue Oct 28 18:23:09 2003

Date: Tue, 28 Oct 2003 15:21:11 -0800 (PST)
From: Henry Linneweh <hrlinneweh@sbcglobal.net>
To: Petri Helenius <pete@he.iki.fi>,
	Matthew Kaufman <matthew@eeph.com>
Cc: 'Greg Maxwell' <gmaxwell@martin.fl.us>,
	'nanog list' <nanog@merit.edu>
In-Reply-To: <3F9ED108.8050806@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu



I think if program design criterion would change to coding secure applications, then
the problem would be reduced dramatically.
 
-Henry

Petri Helenius <pete@he.iki.fi> wrote:

Matthew Kaufman wrote:

>End-to-end requires that people writing the software at the end learn about
>buffer overruns (and other data-driven access violations) or program using
>tools that prevent such things. It is otherwise an excellent idea.
>
> 
>
There is supposedly some magic going into this in the next "Service Pack" of a mentioned
major exploding Pinto. Not sure if it's just flipping the joke of firewall on by default or something
more comprehensive/destructive like non-executable stack. Or a completely new invention like
bug free code :-)

>Unfortunately, the day that someone decided their poorly-designed machine
>and operating system would be safer sitting behind a "firewall" pretty much
>marked the end of universal end-to-end connectivity, and I don't see it
>coming back for a long long time. Probably not on this Internet. IPv6 or
>not.
> 
>
Last I checked most "firewall"s don't make these machines safe, it might make them safer,
so only two out of three malwares hit them. Does not really help too much.

>Combine that with ISP pricing models (helped by registry policy) that
>encourage <=1 IP address per household, and the subsequent boom in NAT
>boxes, and the fate is probably sealed. 
>
> 
>
Here I've observed opposite trend, most ISPs are getting rid of NATting because it's failure
prone and expensive to implement and keep running.

Pete

