North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Over three million computers 0wned?
- From: Sean Donelan
- Date: Mon Jun 30 04:01:17 2003
On Sat, 28 Jun 2003, Etaoin Shrdlu wrote:
> Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous
> amount of software out there that makes it EASY to take over machines (and
> I include every single default install of every single OS that enables
> anything more than port 22), if it weren't for the stunning array of folk
Heavy sigh. Unfortunately even that isn't good enough for some vendors.
Yep, believe it or not, at least one vendor managed to create a buffer
overflow in their IP stack which didn't require *ANY* ports to be open
on the victim. If it was connected to the network with an active IP
interface, that was enough. If you want complete network safety, you
want wire cutters. Then you just have to worry about the traditional
physical stuff like sneaker net, theft, etc.
The unanswered question is what should be considered reasonable? And
how much of a burden should the end-user carry?