Re: SMTP server (How can I find out the real source of an attack

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Mon Jul 16 2001 - 16:34:41 PDT

  • Next message: Jason Robertson: "Attempted WEB-IIS printer attempt Buffer Overflow"

    "Pavel Kankovsky" <peakat_private> wrote:
    
    > I see a trend: Yesterday, the Internet was a happy place free of DoS
    > attacks. Today, we suffer from a relatively small number of intentional
    > DoS attack. Tomorrow, the whole Internet will collapse under a massive
    > wave of accidental DoS attacks caused by braindead software written and
    > configured by ignorant people. :P
    
    And this is largely because of current "accepted good practice"...
    
    How often in this and related lists (and in the RFCs, etc) do you see 
    advice such as "be generous in what you accept..."?  Because many 
    implementors are so "generous" (but in differently incompatible ways) 
    it is easy for a bad/lazy/stupid implementor to build and test an 
    implementation that works well in all (the limited) ways s/he 
    conceives to test against the limited other implementations chosen as 
    for those tests.
    
    The result is an ever-increasing amount of crappy, non-standard 
    compliant code being put into production.
    
    And, as Pavel notes, when you then deliver this to people who have no
    idea of what the standard is or how to "properly" configure their
    system anyway, things starts swirling more and more rapidly down the
    drain.
    
    
    The really sad thing is, many developers' "solution" to the fact that 
    yet another non-standards compliant implementation has been foisted 
    on the market by a competitor is to rush out and "break" their own 
    product so it inter-operates with the rubbish...
    
    
    
    Regards,
    
    Nick FitzGerald
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 10:16:11 PDT