RE: SQL Slammer - lessons learned (fwd)

["Steve Wray" <steve.wray () paradise net nz>]

So demonstrate to your ISP that you are competent.
Whats wrong with that?

And if someone isn't competent and doesn't get an
open pipe internet connection and doesn't get their
IIS server infected with nimda WOOOO HOOO FANTASTIC!

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Steffen Dettmer
> Sent: Monday, 10 February 2003 12:53 p.m.
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] SQL Slammer - lessons learned (fwd)
>
>
> * yossarian wrote on Sun, Feb 09, 2003 at 19:52 +0100:
> > My question - must my ISP know all types of traffic legit 
> to me, in order to
> > service me? 
>
> I don't think they can. Maybe they can serve AOL customers
> without any requirements except high color depth, but for people
> that work with the net, they cannot.
>
> > can not setup a FW that suits me 100%, since it has other 
> companies /
> > customers with different needs on the same local loop.
>
> Yep, and the same applies to standard software. Usually I expect
> my software to be highly customizable, I want to define what key
> does what action, but many people just consume solutions suited
> for different requirements in some strange way. Well, so let them
> do, but they let me do my business. And so I don't expect
> government or anybody to get to deep into my business. In
> germany, it's now illegal to serve sex pages in the afternoon I
> heard, but despite the fact that this is technical impossible I
> don't see a valid reason for it. 
>
> And if someone think about some "whitelists", this is also
> impossible, since I also feel free to apply strong cryptography
> whereever I want - I do nothing illegal, but I still may be
> interested in keeping my love letters private.
>
> > So even if my ISP were to block most of the dangerous traffic,
> > I still would need a FW, since it cannot block all. 
>
> Well, a packet filter helps nothing, so the ISPs need content
> filters. And content filters don't work for me as long as there
> is a single false positive.
>
> > And since an ISP must make profit, having them doing MY
> > firewall be probably be a lot more expensive than if I do it
> > myself.
>
> Well, I don't think that this is neccesarily true, at least if it
> concerns non-professional non-security people. You are able to do
> it in a short time, but most users are not educated to deploy
> usable security I think. So having experts for security, isn't
> bad in my opinion, but it's me, the user, that have to do the
> specification.
>
> I work a little in this business, and when I start to promise I
> protect anybody against anythink, I'm lying, even with best-made
> firewalling. All we do is risk management. So when requiring
> impossible things, the ISPs would have the problem: they cannot
> do technically, noone will pay it, so noone should require it.
>
> oki,
>
> Steffen
>
> -- 
> Dieses Schreiben wurde maschinell erstellt,
> es trägt daher weder Unterschrift noch Siegel.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html