[Dshield] Who's doing what

Johannes B. Ullrich jullrich at euclidian.com
Sat Aug 11 13:43:37 GMT 2001

I think there are a number of things that should happen. The first step,
to aggressively inform infected sysadmins, is already happening. I make a
strong effort to notify people as they show up in DShield logs.

However, this is not the best solution. The problem with any public
infrastructure like the internet is that every user has to behave
responsibly. What people do not realize is that a relatively small number
of home PCs with cable modem access can be used to drive people out of
business. This has been done. And somehow we have to protect the internet
from this problem. There are a number of issues:

- Home systems are notoriously unpatched and it is in my opinion
unreasonable to expect my grandma to stay up to date on the latest
patches. I think in this case, it should be the vendors' (MSFT) and the
ISPs' duty to protect her system. FIREWALL MY GRANDMA! FIREWALL HER GOOD!

- Professional systems (colocated servers, ISPs) should be held
financially responsible if they are run without trained staff. You need a
licence to run a fork lift at home depot. Why not a licence for ISPs?
Untrained ISPs can do a lot of damage.
<DISCLAIMER> sans.org, my employer, offers great training and
certification </DISCLAIMER>

Even for professional systems, software vendors should be held to higher
standards. While I think it is reasonable to ask system administrators to
keep up on patches, vendors should at least offer a service where they
will do it for you. I understand that MSFT is not offering such a service.
IBM on the other hand does. (And of course will they be allowed to charge
for it).

I think the internet should be moving into a phase now where we stop
running it from various garages and more treat it like what it has already
become, a critical part of our infrastructure. After all, people would get
very upset if nobody would care, or even know about, traffic rules.

jullrich at sans.org              Join http://www.DShield.org
                    Distributed Intrusion Detection System

