[Dshield] Zombie Prevention : May I Sample Some Opinion?

Kevin kkadow at gmail.com
Wed Nov 16 03:02:48 GMT 2005

On 11/15/05, Nicholas Albright <wiretapp at shadowserver.org> wrote:
> P2P is evil! Bittorrent has its place, but .torrent files should always be downloaded from the program author's website, never from TorrentSearch or similar.

File-sharing aside, I've seen a massive increase in P2P traffic
generated by Skype and Vonage; when using these Internet Telephony
applications from inside a firewall, P2P techniques are used by clients to
enable inbound calling.

Skype can even be configured to use HTTP "CONNECT" through HTTP proxy
firewalls (probably learned this trick from Limewire).

> Don't get your stuck into thinking a "hardware" (router with software)
> firewall will protect them. System side firewalls are simply a must too.
> They will protect internal networks, very true if users have wireless routers
> or more than one pc.

Even a small home network can benefit from "defense in depth". Don't
do your taxes on the same gaming PC that the teens use for chatting
with their friends, and consider using a separate subnet for higher
risk hosts and devices.

On 11/15/05, Stasiniewicz, Adam <stasinia at msoe.edu> wrote:
> -Browser...  I honestly believe that once FireFox, Opera, Mozilla, etc
> get to any sizable market share, they will have just as many problems as
> IE.

The key difference being that with a closed source browser (any app),
only the "official" development team and the black hat community
(through leaked source) have access to the source code.

> I don't think MS employs "extra stupid" programmers, nor do I
> think FireFox has "the world's best" programmers as far as I can tell,
> it is the same grade of human being working at both.  And the numbers so
> far agree with my theory (just look at the numbers Symantec came out
> with a few months ago).

The numbers also support the theory that having access to source is
not a prerequisite for developing and exploiting vulnerabilities.

> I am not saying that everyone should use IE, I
> am just saying that jumping on the "let's all use FireFox" bandwagon,
> might burn you in 1-2 years.

I'm not an open source zealot, but one major advantage of published
source is the much stronger incentive for developers to not just
mitigate a single exploitable bug, but rather to address the general
class of problem everywhere it exists in the codebase. (A trivial
example: the replacement of not just one but all instances of 'strcpy'
with strncpy/strlcpy).


