From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: SQL Slammer - lessons learned

-----Original Message-----
From: Helmut Springer [mailto:delta@...eVe.Uni-Stuttgart.de] 
Sent: Sunday, February 09, 2003 2:30 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned

>It is not the part of the phone company to decide what topics 
>can be discussed in a phone call.  Neither is it the part of 
>ISP to decide what traffic their customers are able to transmit.

This analogy is false.  Your phone calls do not affect my ability to
connect to the telephone company, nor do they take down my phone
system.  The worst you could do is to hope that you can congest the
system to the point that I have to use alternative means to communicate.
Furthermore, while the phone company doesn't decide the topics you can
discuss, they most *certainly* control what you can and cannot transmit
across their lines.  They control the entire network.

Finally, ISPs are not phone companies.  They are companies that contract
with customers to provide them with a connection to the Internet.  While
*some* ISPs may also be phone companies, the two businesses are
independent of each other.  (Indeed some would argue that for a phone
company to act as an ISP as well is a conflict of interest that harms
the consumer.)

>Internet is the ability to send ip packets from one node to another.

No, it's not.  It's much more than that.  It's the ability to
communicate through multiple means and methods.  And much more.  It is
not simply a connection from one node to another.  If it *was*, you
wouldn't be concerned about blocking ports.

>It is not your part to decide if my system at home is secure or not.

However, when your system affects mine, then I am involved.  Just as you
can do anything in the privacy of your own home, but some things will
get you arrested in public, you can do anything on your own network, but
when you get on the Internet you are in public, and the public has a
right to demand certain behaviors from you and inflict certain
consequences on you if you fail to comply.

>Of course.  Otherwise shut down all telephone lines immediately, 
>there are overwhelming odds planned, organized and conducted over
>those.

Again, a false analogy.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member 
