[69427] in North American Network Operators' Group


Re: Packet anonymity is the problem?

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sun Apr 11 04:33:45 2004

In-Reply-To: <Pine.GSO.4.58.0404102208080.16301@clifden.donelan.com>
Cc: nanog@merit.edu
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 11 Apr 2004 10:32:33 +0200
To: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu


On 11-apr-04, at 4:48, Sean Donelan wrote:

>   "Because of the way TCP/IP works, it's an open network," Keromytis
>   said. "Other network technologies don't have that problem. They have
>   other issues, but only IP is subject to this difficulty with abuse."

I don't think so. Non-IP networks such as the phone network, the 
(snail) mail network and the pizza delivery network are also subject to 
abuse. The difference is there are far fewer convenient multipliers
around that give an attacker an asymmetric advantage.

>   Bellovin compared the situation to bank robberies. "[S]treets, highways
>   and getaway cars don't cause bank robberies, nor will redesigning them
>   solve the problem. The flaws are in the banks," he said. Similarly, most
>   security problems are due to buggy code, and changing the network will
>   not affect that.

Ok, then explain to me how removing bugs from the code I run prevents 
me from being the victim of denial of service attacks.

