[Dshield] RE: Port 135 - fork to edu security

J. Foobar jfoobar1 at yahoo.com
Sun Oct 27 20:52:40 GMT 2002


Comments inline.

--- Ed Truitt <ed.truitt at etee2k.net> wrote:
> I'll chime in with my $0.02, since bashing the IHEs seems to be becoming
> the favorite pastime of IT security types:

It's not like there isn't some reasonable foundation of fact for this
bashing.  Before the current proliferation of home broadband subscribers,
IHEs were about the #1 source of easily-compromised Internet-connected
systems out there.  Additionally, the demographic that they serve is host
to no small number of cyber ne'er-do-wells.

Now, granted, it probably isn't fair to cast ubiquitous aspersions at IHEs
on the whole.  Many of them, no doubt, maintain a reasonably secure network.
Many more, I am quite sure, probably would if it were not for suffocating
financial and/or political considerations.

> I have reported hacktivity to numerous organizations:  US-based ISPs,
> international ISPs, businesses, non-profits, schools, and IHEs.  My
> experience is that IHEs (and small ISPs) are among the quickest to respond
> to these reports, based on how long it takes between the time I report it
> and the time the hacktivity stops.

A good point.

> In my travels, I attend multi-day meetings in different places.  Most of
> the time, I can pretty well write off access to the Internet - either it
> doesn't exist, or you have to have an ID on their internal network to get
> out.  Not so when I am at an IHE.  In fact, during one such meeting, I was
> allowed to d/l the latest Red Hat ISOs - from the IHE's own mirror server.
> I doubt most corporate network folks would have been so accommodating.

So they are accommodating.  The above doesn't have much to do with
security.

> IMNSHO, so long as they do reasonable packet filtering (ingress and
> egress) to keep the martian and spoofed-source IP traffic down, and take
> action against people / machines on their network doing bad stuff
> (Nimda / hacking = bad, running a P2P server <> bad, regardless of what
> Disney or the RIAA may think), I don't care if they run a firewall / IDS
> or not.

You might care if a few hundred of their computer lab
machines are used as the foundation of a massive DDoS
against your web servers.  Yes, they may jump all over
fixing the problem after you call them, but it will be
small comfort to have the barn door closed after the
horses have all run away and gone to Vegas.

It will be of great interest to your legal department,
however, if their "involvement" in the attack would
have been prevented by industry standard security
practices.

> As to the lawsuits, "I didn't know the coffee was THAT hot" would work
> about as well.  I doubt most jurors could even spell 'firewall' or 'IDS',
> much less tell you what a "well implemented" one looked like.

I probably don't have any more love for civil lawsuit abuse than you, but
that's not how it works in technical civil cases.
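Editor's note: the "reasonable packet filtering (ingress and egress) to keep the martian and spoofed-source IP traffic down" that the quoted message asks of an IHE is the BCP 38 / RFC 2827 anti-spoofing policy. The example below is added here to make that policy concrete; it is not code from either poster. It assumes a campus that owns two constructed prefixes (192.0.2.0/24 and 198.51.100.0/24, documentation ranges used only for illustration) and applies the two checks: inbound packets claiming a martian or on-campus source are dropped, and outbound packets whose source is not one of the campus's own addresses are dropped, which is exactly what stops a compromised lab machine from joining a spoofed-source DDoS.

```python
"""BCP 38-style ingress/egress anti-spoofing filter (added example).

Not code from the original thread. SITE_PREFIXES and SAMPLE_FLOWS are
constructed for illustration; substitute the prefixes the site actually
announces.
"""
from ipaddress import ip_address, ip_network

# Constructed: prefixes this site owns. Real deployments take these from
# the site's allocations / routing table, not from a hard-coded list.
SITE_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]

# "Martian" sources: addresses that must never arrive from the Internet
# (unspecified, RFC 1918 private space, loopback, link-local, multicast,
# reserved/broadcast). Bogon lists extend this with unallocated space.
MARTIANS = [ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def _in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in nets)


def ingress_decision(src, site=SITE_PREFIXES):
    """Verdict for a packet arriving from the Internet with source `src`.

    Drop martians outright, and drop anything claiming to come from our
    own address space: a legitimate packet from outside cannot carry an
    inside source, so such a packet is spoofed by definition.
    """
    a = ip_address(src)
    if _in_any(a, MARTIANS):
        return "drop:martian"
    if _in_any(a, site):
        return "drop:spoofed-own-prefix"
    return "accept"


def egress_decision(src, site=SITE_PREFIXES):
    """Verdict for a packet leaving toward the Internet with source `src`.

    Only our own addresses may leave. A compromised host forging a victim's
    address (DDoS reflection/flooding) or leaking private space is dropped
    at the border instead of becoming someone else's problem.
    """
    a = ip_address(src)
    if not _in_any(a, site):
        return "drop:spoofed-source"
    return "accept"


def filter_flows(flows, site=SITE_PREFIXES):
    """Apply the right check per direction.

    flows: iterable of (direction, src) where direction is "in" or "out".
    Returns a list of (direction, src, verdict).
    """
    out = []
    for direction, src in flows:
        if direction == "in":
            verdict = ingress_decision(src, site)
        elif direction == "out":
            verdict = egress_decision(src, site)
        else:
            raise ValueError(f"unknown direction {direction!r}")
        out.append((direction, src, verdict))
    return out


def dropped_count(flows, site=SITE_PREFIXES):
    """Number of flows the filter would drop."""
    return sum(1 for _, _, v in filter_flows(flows, site) if v != "accept")


# Constructed sample traffic, not captured data.
SAMPLE_FLOWS = [
    ("in", "203.0.113.9"),     # ordinary outside host: accept
    ("in", "10.1.2.3"),        # private source from the Internet: martian
    ("in", "192.0.2.7"),       # our own prefix arriving from outside: spoofed
    ("out", "192.0.2.7"),      # our host going out: accept
    ("out", "203.0.113.9"),    # lab box forging a victim's address: spoofed
    ("out", "172.16.5.5"),     # leaking private space: spoofed/invalid
]

if __name__ == "__main__":
    for direction, src, verdict in filter_flows(SAMPLE_FLOWS):
        print(f"{direction:>3} {src:<16} {verdict}")
    print("dropped:", dropped_count(SAMPLE_FLOWS), "of", len(SAMPLE_FLOWS))
```

Note that the egress rule is the one that protects third parties: an IHE that applies only ingress filtering keeps its own boxes from being hit with spoofed traffic but does nothing to stop its lab machines from spoofing others. Stateful firewalls and IDS are separate questions; this pair of rules needs only a router ACL.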
