Message-ID: <AANLkTinj23UE3kbWjo9OcsQiKF0Z4IJ8xiHXMMh4LOZk@mail.gmail.com>
Date: Fri, 2 Jul 2010 20:07:32 +0200
From: Dan Kaminsky <dan@...para.com>
To: Thierry Zoller <Thierry@...ler.lu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?
> DR> And many of them could be mitigated via BCPs until such time as
> DR> fixed code could be deployed, as well.
> There it is again, BCP. Is this the new "IDS" ?
>
>
Best Practices are what forms when Ops guys are given broken systems and
told to make them work.

This isn't meant in a derogatory way. Do you like things working? I sure
do. If it takes rules like "don't run trivial networking scanners on the
VoIP network" to keep the phones running, well, guess what.

There is a problem that this masks issues. Attackers aren't exactly known
for saying, "I'd own your network, but that would violate best practices, so
I won't." VoIP code (speaking from fairly direct experience) is
aggressively fragile, partially since it comes from a background where the
presumption was that all traffic was trusted, and partially because the
specs are so hideously turgid.

In the short run, best practices are the only way to keep this stuff
stable. In the long run...what's that? Just gotta get to the next
quarter...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/