Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Over three million computers 0wned?

  • From: Sean Donelan
  • Date: Mon Jun 30 04:01:17 2003

On Sat, 28 Jun 2003, Etaoin Shrdlu wrote:
> Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous
> amount of software out there that makes it EASY to take over machines (and
> I include every single default install of every single OS that enables
> anything more than port 22), if it weren't for the stunning array of folk

Heavy sigh.  Unfortunately even that isn't good enough for some vendors.
Yep, believe it or not, at least one vendor managed to create a buffer
overflow in their IP stack which didn't require *ANY* ports to be open
on the victim.  If it was connected to the network with an active IP
interface, that was enough.  If you want complete network safety, you
want wire cutters.  Then you just have to worry about the traditional
physical stuff like sneaker net, theft, etc.

The unanswered question is what should be considered reasonable?  And
how much of a burden should the end-user carry?






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.