[80724] in North American Network Operators' Group

Re: Internet attack called broad and long lasting

daemon@ATHENA.MIT.EDU (Gadi Evron)
Wed May 11 09:59:07 2005

Date: Wed, 11 May 2005 16:59:56 +0400
From: Gadi Evron <ge@linuxbox.org>
To: Valdis.Kletnieks@vt.edu
Cc: Alexei Roudnev <alex@relcom.net>,
	Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <200505111347.j4BDlnQQ010142@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu


Valdis.Kletnieks@vt.edu wrote:

[snip]

Hi Valdis!

> Actually, it *is* relevant for the "rest of us".
> 
> Given the number of boxen that got whacked, and the number of sites involved,
> "the defender" *is* "the rest of us", and "we as an industry" obviously need
> to get our collective act in gear.  Remember -

Which is exactly my point...

People keep worrying about 0days, when I'd only start worrying about
them once I made sure that current (old) and known vulns can't get me.

Once they are inside, it doesn't matter how they got in until a later
time when you do forensics and try to make sure it doesn't happen again,
which is what I referred to as the defender side.

Fact is, the break-in was serious because serious data was stolen... so
why should the fact it was an old vuln distract us from that, except
perhaps to reintroduce the fact that people simply don't do enough
security and/or best practices, which we already knew?

> *Your* boxes may be hardened beyond all belief and plausibility, but you're
> *STILL* screwed if some teenaged kid on another continent has more effective
> control of the router at the other end of your OC-48 than the NOC monkey you
> call when things get wonky....

Well, I suppose it's not really a great idea to wait until things get
wonky to establish good and operational relations with your uplink.

	Gadi.
