North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Packet anonymity is the problem?
In message <C7AA377F-8B92-11D8-8702-000A95CD987A@muada.com>, Iljitsch van Beijn um writes: > > >> Bellovin compared the situation to bank robberies. "[S]treets, >> highways >> and getaway cars don't cause bank robberies, nor will redesigning >> them >> solve the problem. The flaws are in the banks," he said. Similarly, >> most >> security problems are due to buggy code, and changing the network >> will >> not affect that. > >Ok, then explain to me how removing bugs from the code I run prevents >me from being the victim of denial of service attacks. > That's where my analogy breaks down -- but you're being victimized largely because of bugs in code other people run. I stand by my statement: most of the security problems we have on the Internet are due to buggy code. (If you want to stretch the analogy, imagine a bogus newspaper report that stimulates uncritical readers to withdraw their money. It's called a run on the bank, and it's every bit as much a denial of service issue as excess packet floods -- bank runs are transaction rates much greater than what the (financial) system was designed to handle. And when they're triggered by false rumors -- well, you get the picture, and my metaphors are stretched too thin as is.) --Steve Bellovin, http://www.research.att.com/~smb