Vernon Schryver wrote:

> Actually, those who understand the security problem of IP source routes
> know something else.  IP source route options are not problems except to
> broken hosts.  It would be nice to think there are no longer such broken
> hosts on the net, but that is too much to expect.  In a reasonable world,
> we would expect anyone who cannot install non-broken software on their
> hosts to install filters against IP source routes where they will do the
> least damage, close to the broken hosts.

        That is one of the reasons I think cryptography between servers
(SSH/IPsec, for example) and other technologies will be of great
use, although I am studying many other standards and don't yet have a
consistent opinion.

> However, in this world, the news about the irredeemable evil of all ICMP
> packets will join year-old news about the utter evil and uselessness of
> IP source routes and IEEE 802.3 collisions.  We'll be hearing about all
> three for the next 50 years.  (From my poking around, it appears that more
> than half of the Internet is now filtering all ICMP TTL-Exceeded, so the
> damage done to `traceroute -g`, `ping -R`, and other things by filtering
> IP source routes does not matter.)

        Unfortunately, those other fifty percent do matter in this world where
people poke around exceedingly, as I have been experiencing here in
Brazil. I expect to be publishing security news in *Portuguese*, as the
Brazilian community needs a public site regarding security.

> Assuming there is an algorithmic definition of "strangely high
> traffic from a unique site", how would a backbone and so Terabit/sec
> router log anything about it?  Is it easy to define, detect, and
> record state for streams if they are strangely high, and the reports
> about the difficulties of maintaining state for "multimedia" and
> similar buzzword streams do not apply?

        Well, there is not exactly a way to determine it, only by probing
deterministic situations on packets written in the network, but it still
can be dangerous for innocent hosts. Only by building a completely
trusting network, and that is, unfortunately, impossible when the enormity
of the Internet is seen.

> Judging from their volume, the world needs a lot more documents about
> network or computer security that are more repetitions of trade rag rumors
> and security vendor marketing wishes than facts.  However, there's no
> reason for the IETF to compete with the current publishers of such works.

        Fortunately, I will try to distribute certain information about network
security. But I need some tips, and I will be grateful if the IETF can
contribute. Sincerely, it would be very nice to see IETF names floating
by my side.

        As always, the more information you inject into the network, the
better it becomes.

        Cesar Suga <[EMAIL PROTECTED]>
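The thread above turns on filtering IP source routes "close to the broken hosts" while not breaking tools such as `ping -R` that use the unrelated Record Route option. The following is an added example by the editor, not code from either correspondent: a small IPv4 header parser that walks the options field as laid out in RFC 791, reports Loose (type 131) and Strict (type 137) Source and Record Route options with the hop list they carry, leaves Record Route (type 7) alone, and rejects malformed option lists. The sample packets, addresses and hop lists are constructed for the demonstration; the header builder sets no checksum and is only there to produce test input.

```python
import socket
import struct

# IPv4 option type codes (RFC 791 "type" octet: copied flag, class and number
# combined into one byte).
OPT_EOL = 0      # end of option list
OPT_NOP = 1      # no operation (padding)
OPT_RR = 7       # record route, the option `ping -R` uses; not a source route
OPT_LSRR = 131   # loose source and record route, used by `traceroute -g`
OPT_SSRR = 137   # strict source and record route

SOURCE_ROUTE_OPTS = {OPT_LSRR: "LSRR", OPT_SSRR: "SSRR"}


def parse_ipv4_options(packet: bytes) -> list:
    """Return [(option_type, option_data)] parsed from an IPv4 header.

    option_data excludes the type and length octets.  Raises ValueError on a
    truncated header or a malformed option list, so a filter can treat such
    packets as suspicious rather than silently passing them.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    opts = packet[20:ihl]
    found, i = [], 0
    while i < len(opts):
        opt_type = opts[i]
        if opt_type == OPT_EOL:
            break
        if opt_type == OPT_NOP:
            found.append((opt_type, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length octet")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append((opt_type, opts[i + 2:i + length]))
        i += length
    return found


def source_route_hops(packet: bytes):
    """Return (kind, [hop addresses]) if the packet carries LSRR or SSRR,
    otherwise None.  Record Route (type 7) deliberately does not match."""
    for opt_type, data in parse_ipv4_options(packet):
        if opt_type in SOURCE_ROUTE_OPTS:
            addrs = data[1:]                # data[0] is the route pointer
            usable = len(addrs) - len(addrs) % 4
            hops = [socket.inet_ntoa(addrs[j:j + 4]) for j in range(0, usable, 4)]
            return SOURCE_ROUTE_OPTS[opt_type], hops
    return None


def build_ipv4_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Construct a sample IPv4 header (checksum left zero) for testing only."""
    options += b"\x00" * ((-len(options)) % 4)   # pad options to a 32-bit boundary
    ihl_words = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | ihl_words, 0, 20 + len(options),
                        0, 0, 64, 1, 0,           # id, flags/frag, TTL, proto ICMP, checksum
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options


# Constructed sample packets (not captured traffic); addresses are documentation ranges.
PLAIN = build_ipv4_header("192.0.2.10", "192.0.2.20")
LSRR_OPTION = (bytes([OPT_LSRR, 11, 4])
               + socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2"))
LSRR_PKT = build_ipv4_header("192.0.2.10", "192.0.2.20", bytes([OPT_NOP]) + LSRR_OPTION)
RR_PKT = build_ipv4_header("192.0.2.10", "192.0.2.20", bytes([OPT_RR, 7, 4, 0, 0, 0, 0]))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("lsrr", LSRR_PKT), ("record-route", RR_PKT)):
        print(name, source_route_hops(pkt))
```

A filter placed near hosts that mishandle source routes would drop or log packets for which `source_route_hops` returns a value; because Record Route is parsed but not matched, `ping -R` keeps working through such a filter, which is the distinction the thread cares about.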
