[Dshield] Possible solution for ISP (was DShield's public goals)
Jon R. Kibler
Jon.Kibler at aset.com
Mon Jan 9 23:43:39 GMT 2006
Laura Vance wrote:
> The term "rogue servers" cannot refer to any program that a user
> knowingly runs if its primary purpose is not malicious. IRC was
> designed to be a research tool to be a multi-user "talk" type of
> system. Just because users today are corrupting the use of some systems
> doesn't mean the entire port/protocol should be dropped. Someone else
> in this thread used cars as an example, so I will take it a step
> farther. Dropping a valid port/protocol because a few bad people use it
> for intentionally malicious purposes would be like forbidding car
> manufacturers from selling cars, because a few people ran their car into
> a school bus on purpose. The solution has to be to block holes in
> software that allow malicious software into a system. Then it comes
> down to programmers using proper memory management in their design (not
> using memory pointers without checking/chopping input length, etc).
I was not trying to infer that services such as chat should be banned, or anything like that. I used the term 'rogue server' because most ISPs prohibit residential accounts from running any services on their systems.
I also think you missed my bigger point: Globally routable IPs are required for someone on the Internet to directly route traffic to a system. If every system that was not a server had an IP in private address space, then it would be much more difficult for someone to create arbitrary connections to that system from anywhere in the world. That was my primary point -- take away from the bad guys the ability to create easy connections to compromised systems.
Now, I agree that using ingress/egress filtering and NAT will not solve all of the problems -- not by any stretch of imagination. However, if insiders are having to create outbound connections directly to some server, that becomes easier to detect and block.
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA