
De-worming the net


Posted Nov 24, 2004 12:53 UTC (Wed) by agreenhalgh (guest, #7780)
Parent article: De-worming the net

One possible comment worth making is that our current internet architecture doesn't do much to help protect the end user from attack. We have an architecture where every device on the network is equal and can send data to or receive data from any other host. OK, whilst this is probably what you'd like to have, it does open the large number of client machines out there to being attacked, compromised and reused as spam relays or DoS bots.

This paper, which we recently presented at the FDNA workshop at Sigcomm, goes into some of the issues. The paper is intended to open a discussion and to make people aware of what some of the solutions to this problem are; it is intended to be controversial.

http://www.sigcomm.org/sigcomm2004/workshop_papers/dos-ar...



De-worming the net

Posted Nov 24, 2004 17:11 UTC (Wed) by farnz (guest, #17727)

You make it very hard for a random user to set up any sort of services on their own box; examples of services a random user would want to set up (and that you exclude) are remote desktop services, so that I can connect to my home machine from work, and do things on the home machine, and remote administration services, so that I can delegate responsibility for my machine to a remote authority.

What might work as a variation is allowing all Internet nodes to flag which services they have open; an ISP can then e-mail a user to say that (for example) 2001:8b0:104::1 is running an SMTP server now, or a user can indicate to their ISP that they only want 2001:8b0:104::22 to provide an ssh service.

De-worming the net

Posted Nov 24, 2004 18:24 UTC (Wed) by bfields (subscriber, #19510)

> What might work as a variation is allowing all Internet nodes to flag
> which services they have open; an ISP can then e-mail a user to say
> that (for example) 2001:8b0:104::1 is running an SMTP server now, or a
> user can indicate to their ISP that they only want 2001:8b0:104::22
> to provide an ssh service.

I don't understand the focus on services. Haven't some of the most effective automated attacks in recent years been entirely client-based? Send someone an email, which they download, which exploits their mail client and uses it to send more email.

What's the benefit to drawing distinctions between clients and servers?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds