[10870] in bugtraq


Re: Diversity

daemon@ATHENA.MIT.EDU (Forbes_Thayne@EMC.COM)
Mon Jun 21 13:15:03 1999

Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <BA74881B5C1FD311A08000E02924938151C8EE@MXCLSG>
Date: 	Sat, 19 Jun 1999 11:55:49 -0400
Reply-To: Forbes_Thayne@EMC.COM
From: Forbes_Thayne@EMC.COM
To: BUGTRAQ@NETSPACE.ORG

Please forgive me discussing diversity whilst replying with MS-Outlook.
Yes, I understand the irony.

> -----Original Message-----
> From:	david@kalifornia.com [SMTP:david@kalifornia.com]
> Sent:	Friday, June 18, 1999 12:48 PM
> To:	BUGTRAQ@netspace.org
> Subject:	Re: Diversity
>
> Ian Carr-de Avelon wrote:
>
> Having differing IP stacks for a
> packet to travel through increases the chances that malicious packets will
> get trapped on one of them and the internal network remains protected.
>
> [...] An amazing amount of
> forethought has gone into the development of each flavor of *nix.
> Different theories are implemented in different stacks.  Sometimes this
> has caused problems, but overall it engenders a resiliency to faulting.
>
> Diversity can certainly be thought about.  The open source model encourages
> program development.  Many people writing differing versions of software.
> Naturally this diversity means an exploit in one program is unlikely to be
> found in another.
>
	[Forbes, Thayne]   Recently I was explaining to a youngster why the Internet
	Worm had been so damaging.  To my mind there were two reasons.  One,
	about two thirds of the net was using the two OS/applications that it targeted.
	(If I recall correctly, SunOS and VMS, Sendmail and fingerd).  Not much diversity.
	Secondly, many/most organizations' reaction to the incident was to disconnect
	from the net, forcing them to diagnose and correct the problem by themselves.

	Certainly we are seeing the first phenomenon again.  I allude to the second as
	the result of an effective DoS attack on Cisco equipment.  Frankly, I think David
	wildly underestimates the impact of a widespread Cisco problem.

> If a major Cisco bug came out, your customers will complain due to the
> widespread use of Cisco equipment.  Not everyone uses Cisco however and not
> every Cisco machine is going to be reachable to crash.  Some of your
> customers wouldn't even notice, some of your customers would see a few slow
> or dropped sites.  Some would find their favorite place unreachable.  The
> internet is an extremely diverse culture of equipment and people and short
> of a humanitarian disaster, nothing is going to take the whole thing down.
>
>
