[65118] in North American Network Operators' Group
Re: The Internet's Immune System
daemon@ATHENA.MIT.EDU (Christopher X. Candreva)
Wed Nov 12 13:37:30 2003
Date: Wed, 12 Nov 2003 13:36:51 -0500 (EST)
From: "Christopher X. Candreva" <chris@westnet.com>
To: nanog@merit.edu
In-Reply-To: <3FB278AA.3090508@everydns.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 12 Nov 2003, David A. Ulevitch wrote:
> Automated techniques are the only thing that will stop it but is your
> idea "fast enough?" I don't think so. Relying on user reports is good
> for compromises and spambots but it won't do anything to stop CodeRed or
> Nimda.
True -- but I did say that this was a:
>> mechanism for various firewalls, intrusion detection systems, etc to talk
>> to each other to solve problems as quickly as possible.
> I don't think anything comes close to that today.
No, nothing does. This is a start. The example I gave of a command line tool
was just that. The idea is a framework that people and tools can use to
exchange information. I think the protocol itself -- the underlying system
-- is what will be important. The command line program would be the second
part of "Rough consensus and working code". As with DNS and web servers, I
expect there would be many implementations, from inclusion in firewall
programs to CPAN modules.
==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
