lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: SQL Slammer - lessons learned

ok so how about some sort of 'driving test'
for internet access?

Proposed Scenario;
ISPs will give you unfiltered internet access if you can
pass a basic test demonstrating your ability to stop your
machine from being used to mess up internet access for others.
(Ok so MS engineers would probably *fail* as would Bill Gates...)

If you can't pass or don't want to sit the test, you
get internet access filtered to stop you from ignorantly
harming others.

Almost like a driving test; if you can't pass it or don't
want to sit it you get to ride a *mo-ped* so you aren't a danger
to others
;)

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Helmut Springer
> Sent: Monday, 10 February 2003 11:00 a.m.
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned
> 
> 
> On 09 Feb 2003 at 21:53 +0100, Schmehl, Paul L wrote:
> > This analogy is false.
> 
> For sure it is not 100% true, as all analogies aren't.
> 
> 
> > Your phone calls do not affect my ability to connect to the
> > telephone company, nor to do they take down my phone system.
> 
> If I'm attacking your line or telco equipment or that of you carrier
> they will.  Limited resources and vulnerable systems, actually this
> will become more of an issue as medias converge.
> 
> 
> > Furthermore, while the phone company doesn't decide the topics you
> > can discuss, they most *certainly* control what you can and cannot
> > transmit across their lines.
> 
> They do?  As long as I stick to the transmission standards (as in
> "ip" for the internet) I dare to doubt this.  A good friend spent
> some years teaching telco people how to build and run phone
> networks, so I happen to have little insight here.
> 
> 
> > Finally, ISPs are not phone companies.  They are companies that
> > contract with customers to provide them with a connection to the
> > Internet.
> 
> Right, they sell the ability to send and receive ip packets, as
> already said.  Everything else is add on I personally either don't
> care or will order (e.g. DoS handling at upstreams or whatever kind
> of service I as a customer would like to have for my site).  They
> might take emergency measures as temporary exceptions to deal with
> emergency situations.
> 
> 
> > >Internet is the ability to send ip packets from one node to
> > >another.
> > 
> > No, it's not.
> 
> Actually it is, the most basic definition.
> 
> 
> > It's much more than that.  It's the ability to communicate through
> > multiple means and methods.  And much more.  It is not simply a
> > connection from one node to another.  If it *was*, you wouldn't be
> > concerned about blocking ports.
> 
> Actually I'm not, you want to do so.  I want to be able to send and
> receive ip packets according to the standards for this, that's it.
> 
> 
> > However, when your system affects mine, then I am involved.
> 
> Yes, when they do so.  As long as they don't they are simply none of
> your business.  So don't tell me what ports I should be able to use
> on my side, feel free to filter to your needs on your side.
> 
> 
> > Just as you can do anything in the privacy of your own home, but
> > some things will get you arrested in public, you can do anything
> > on your own network, but when you get on the Internet you are in
> > public, and the public has a right to demand certain behaviors
> > from you and inflict certain consequences on you if you fail to
> > comply.
> 
> That's liability for things done, as everywhere, no problem.
> 
> 
> > Paul Schmehl (pauls@...allas.edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
> 
> Protect your constituency and make sure it doesn't attack others.
> If you find some spare time, try to understand internet.  But don't
> try to force others to join a limited network you want to be in.
> 
> -- 
> MfG/Best regards,                   "A Feature you cannot disable is
> helmut springer                      considered a bug"  comp.os.unix
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ