[linux-elitists] random questions

Karsten M. Self kmself@ix.netcom.com
Fri Dec 7 15:00:54 PST 2001

on Fri, Dec 07, 2001 at 01:12:50PM -0800, Ben Woodard (ben@zork.net) wrote:
> begin  Don Marti  quotation:
> > begin Jay Sulzberger quotation of Thu, Dec 06, 2001 at 01:49:49PM -0500:
> > 
> > > There are only a few, some say two, people in the world who write all
> > > worms/viruses/trojans.  They will get to the distribution of WIFI attack
> > > scripts as soon as they have produced a superior GNU/Linux worm, using
> > > overflows et al., to encourage better practice in the free software
> > > industry.
> > 
> > But the ready-to-run tools for cracking WEP already exist.
> > http://airsnort.sourceforge.net/
> > 
> > They couldn't be much easier to use if they were preinstalled at
> > the factory.
> > 
> > And most wireless networks don't even have WEP turned on.
> I honestly don't understand why this is a problem. It has been
> literally a decade since I even remotely considered my physical layer
> any sort of protection. (in 1990 I was shown my first demonstration of
> network sniffing of credentials). 
> Plus I also believe that bandwidth should be a ubiquitous, nearly free
> commodity resource. By carefully partitioning off and hoarding
> bandwidth we play right into the hands of those people who want to
> extract the maximum profit from the internet. 


By analogy:  if transport layer security was the norm in meatspace, you
wouldn't have an immune system, but we'd have people located in plastic
bubbles, connected by "secure" transportation mechanisms, with
everything arriving at your bubble blasted with ionizing radiation or
sterilizing heat.

Security belongs on the host, with host firewalls configured by default,
*and* an architectural model such that arbitrary content *doesn't* have
the opportunity to take over the system entirely.

Some level of quarantine on the network is likely appropriate --
gateways configured to recognize characteristics of a DoS attack and
refuse further traffic from the upstream source, along with a
notification protocol so that if the upstream is merely another victim,
rather than an originator, of the attack it can be alerted to identify
possible sources for suspect traffic itself.  Censorship is not good,
but withholding facilitation of such distributed attacks is a good way
to whack slacking netops across the nose and alert them to a problem.

However, the best way to avoid rampant infections is to provide hosts
that aren't susceptible to infection, and to isolate (by withdrawing
network support) those which won't heal themselves.


Karsten M. Self <kmself@ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html