[19497] in bugtraq
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
daemon@ATHENA.MIT.EDU (ddowney@MAIL.HISLINUXBOX.NET)
Tue Mar 6 00:37:59 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0103051816170.6928-100000@mail.hislinuxbox.net>
Date: Mon, 5 Mar 2001 18:18:33 -0800
Reply-To: ddowney@MAIL.HISLINUXBOX.NET
From: ddowney@MAIL.HISLINUXBOX.NET
X-To: Perry Harrington <pedward@WEBCOM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010305155956.A29340@webcom.com>
On Mon, 5 Mar 2001, Perry Harrington wrote:
> In short, yes security through obscurity is dumb, but calling for people to change
> this functionality is unwarranted when machines can be firewalled.
>
Actually to me this sounds more like an excuse NOT to fix the problem
simply because it's "industry standard".
Sometimes standards need to be looked at and revamped. In this case it's
one that would affect the industry as a whole. Are you calling for
advisories only simply because the workload would be tremendous or because
you truly believe that fixing this would affect nothing?
---
David D.W. Downey - RHCE
Consulting Engineer
Ensim Corporation
david.downey@ensim.com
