[67304] in North American Network Operators' Group
Re: Stopping open proxies and open relays
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Feb 7 12:55:35 2004
To: Guðbjörn Hreinsson <gsh@centrum.is>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Sat, 07 Feb 2004 12:03:22 GMT."
<012701c3ed72$62960780$a900000a@birkihlid42>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 07 Feb 2004 12:42:54 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 07 Feb 2004 12:03:22 GMT, Guðbjörn Hreinsson <gsh@centrum.is> said:
> Maybe we should first have laws that prohibit making and selling computers
> without firewalls? In this context I should be fine making cars without
This is going in the Very Wrong Direction.
Consider that no firewall would have stopped MyDoom from spreading, unless
it was sufficiently anal-retentive as to stomp on *outbound* SYN packets to
anyplace except the user's preferred SMTP server (and even then, it would only
slow things down, and is prone to "adjustment" by the worm similar to the
way some malware turns off A/V software).
When did Microsoft start *shipping* a firewall? Why are there still problems?
Because it was shipped disabled. And they're doing the right thing and
shipping with it enabled - but now there will be support calls on how to
get a port open so XYZ will work...
I wouldn't recommend trying to expand it to "prohibit making and selling
computers that are insecure", since no computer is 100% secure, and there's
no objective "secure enough" standard - closest you will get there is
probably Dell's offer to ship machines pre-hardened to Center for Internet
Security guidelines.