From: steve.wray at paradise.net.nz (Steve Wray)
Subject: SQL Slammer - lessons learned

But if things carry on the way they are, ISPs are going
to be required, by law, to restrict access to the internet.

Once upon a time, the internet community was a closed circle,
if someone on the internet released a worm or something
that closed the net down, it only affected that small
circle of geeks. The rest of the world might have
been excused for asking 'so what?'

Not so anymore; ATMs, emergency services etc are all
impacted by crud on the internet.

That being the case, the rest of the world will very soon
be asking why the heck aren't internet service providers
policing their customers better?

Pressure groups will form, politicians will be bribed
oops sorry 'have campaign contributions made' be endlessly
harassed by highly paid lobbyists (for example).

Soon, unless the internet community can
demonstrate an adequate level of self discipline,
it will no longer be as open as it is today.

Already, there are moves afoot to create 'internet content providers'
as opposed to 'internet service providers'. Think about it; Joe Public,
non-Geek wants music, movies, email and porno maybe instant pestering
(oops *messaging*). Content providers can dish all that out at a
fraction of the cost of a real ISP (lower overheads, less to manage, can
franchise to RIAA approved outlets etc).

Joe Geek, on the other hand, loses bigtime.

My guess? Unless the internet community shapes up or
oh maybe unless ipv6 becomes the standard for most of
the internet (*snicker* yeah RIGHT) within, say, 5 years
there will be NO open pipe ISP left anywhere in the, uh,
civilised world. You will have to go to somewhere more
interesting like Tuvalu
;)


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of yossarian
> Sent: Monday, 10 February 2003 11:25 a.m.
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned
> 
> 
> PS wrote:
> > All this is well and good, but I have a really hard time understanding
> > why we need to route insecure networking protocols such as NetBIOS,
> > CIFS, NFS or NIS across the Internet.  Just closing those ports would do
> > a world of good for the Internet as a whole, and who in the world would
> > it hurt?
> 
> Well, it wouldn't hurt many, that is true. But who is to decide which ports
> can be closed? I'd block this kind of traffic within the network, in policy
> and on the internal firewalling, and the external connection(s). Long time
> ago the net was invented to connect, with it came these extremely insecure
> protocols. But I could argue the same for many other protocols. So could my
> ISP.
> 
> > If you really seriously need to mount drives from a remote network, you
> > can do it through a secure tunnel (SSH, VPN), which would not be blocked
> > by blocking those ports.  If the Internet is going to survive in any
> > viable fashion, we have to come to our senses when it comes to allowable
> > services.  The uncontrolled access to networking services on home
> > computers and poorly secured commercial networks is the root cause
> > behind a lot of the problems that exist on the Internet today - worms,
> > virus, trojans, etc.  Ports 139 and 445, *at a minimum*, should be
> > closed (to the outside) on every network in the world.
> >
> > Are you really willing to demand your "freedom" in the face of the
> > overwhelming odds that leaving those ports open will do more harm than
> > good?
> >
> Yes, I am. Leaving these ports open does not harm me, if it harms anyone -
> not my problem. The ports you are referring to are not vital to the
> internet, it can just cause extra traffic. With the e-bubble, we got loads
> and loads of bandwidth, not used normally. My freedom to use non-standard
> systems, and in the foreseeable future, non-TCPA systems, is essential to
> me, and to many others.
> 
> All this talk of regulating the internet is very scary, since it hurts the
> choice in technology we have now. Putting the burden on ISPs for all the
> woes we see, is counterproductive. What will we do once we've put them all
> out of business, policing the net without financial compensation?
> 