Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: router worms and International Infrastructure

  • From: Christopher L. Morrow
  • Date: Mon Sep 19 22:50:16 2005


On Mon, 19 Sep 2005, Florian Weimer wrote:

> * Christopher L. Morrow:
>
> > I'm curious as to why people think that the problem isn't being
> > addressed?
>
> Do you see a business case for ISPs to help mass-market customers to
> clean up their infected PCs?

Nope, but I see a business case for software vendors to fix their
problems, and for education of the people that are a problem. I'm not sure
it'll fix the problem either, but blocking ports hasn't been wholey
effective either, especially not when you consider RPC-over-http now :(
hurray!

>
> I still hear claims from the ISP folks that anything but prevention
> isn't viable, and all available data suggests that prevention is an

Mostly this is probably true. Consumer ISP's are in a rough battle of
idiots/users versus 'next exploit against the most common platform
deployed'. Sure there are stupidities committed by other than software
vendors (how many routers have login passwd: cisco and no vty acl? How
many cayman/dsl routers are out there with default userid/passwd and
remove management enabled? How many wireless AP's are there with default
admin setup? ... for fun, try the one at the Baron's Cove Inn in Sag
Harbor... poor folks :( )

The issue of 'are consumer users getting better/worse/owned/deleted' isn't
really the problem, the issue is "Is the Internet being treated as
'Critical Infrastructure' by some people in a position to make it
'better'?"

I'd say that yes, there are lots of folks that consider their little piece
of the Internet to be 'critical' and who are making steps where they can
to ensure it's protected to the best of their ability. Just because folks
aren't out beating drums daily doesn't mean the work isn't getting done.

So, what leads you to believe it's NOT getting
fixed/looked-at/worked/considered?

> utter and complete failure.  (Okay, maybe I'm exaggerating a bit, but
> you get the idea.)

I think Sean Donelan has some numbers about this... or we could google
search the nanog archives :)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.