-----BEGIN PGP SIGNED MESSAGE----- On Fri, 7 Sep 2001, Everhart, Glenn (FUSA) wrote: > The legalities trail the technical realities here. > > Consider that if someone starts throwing punches at you, you are > generally allowed to throw punches back and are not required merely to > attempt to block the punches thrown. As one far wiser than I once stated, "You don't fight fire with fire. You fight fire with water." Thinking that counterattacks and "benign" net-wide worms are the solution in this case is a folly sired solely out of frustration. I should also note that when people begin accepting the notion of "benign" worms, it won't be long before someone will release a malevolent worm bearing a benign worm's signature. Mark my words on that. Then we'll be right back to Square One. > Probably the closest analogue in the non-cyber world is a disease. How > do we deal with an epidemic? At least some of the time, massive and > compulsory vaccination, and compulsory isolation of the infected, has > been done to contain such events. In looking over data from the Center for Disease Control, history does not support your claim. The first and best response to any epidemic has always been quarantine. Quarantines in the form of firewalling and IP filtering are far less problematic than releasing additional worms. As for the notion of vaccines, those already exist: they're called patches. (I won't go into the compulsory remark since that inevitably entails government intervention and regulation...an anathema to yours truly.) > A second analogue would be what happens when some new plant or animal > gets introduced where it has no natural enemies, and new predators must > be brought in as well to control it. You may wish to take a look at the ecological disasters that have occurred when humankind has attempted as much before endorsing such measures. Consider Australia and their import of the Cane Toad to control sugar cane pests. The toads ended up *not* eating the pests they were brought in to destroy and have instead proven to be an unparalleled biological hazard to the indigenous wildlife in the region. Even worse, the toads have no natural predators in Australia and have been breeding out of control since their introduction. > What is the best way to deal with such? A three-point approach solves the bulk of the problem: 1. CONCENTRATE on your systems: Admins should patch their own systems before worrying about anyone else's. Before tending to the mote in thy neighbor's eye, consider the beam in thine own. 2. COMMUNICATE the problem: When finding Code Red attacking your systems, notify the offending party (preferably through an automated means). Be courteous and helpful. All told, most folks really want to do the Right Thing(tm). 3. CONSOLIDATE your defenses: Update firewalls, filters and other perimeter defenses. Automate these procedures where possible. This has a way of yanking the fangs out of many an automated intrusion agent. Blah. Too many people talking and not enough people listening. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) | = |-' `--' `--' `--- Failure is never as devastating as regret. ---' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO5kIJ7lDRyqRQ2a9AQGeVQP+J6jkAcw7fGXDPsVSWCMEs81svKKk5diS TTR8siU/1Js+EoD/M/Vs12PXQDfthJSIVBpSjsCKMGkjAIa2KROaOw9waUgma/yg fhPT6/jcaPOUM6LolQDrC0v/Q/xq+MYK1W1Gz2POILkX5bCAgkmkniLYwHkRzQGX DLYgQ4eODv8= =E/J/ -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 12:18:56 PDT