On Fri, 07 Apr 2000 13:07:29 EDT, Stephen Kent said:
but the gray area we're discussing does bother me. If one cares
about knowing where the data originated, and that it has not been
altered, then one needs to make use of the tools provided to address
that concern. if one doesn't use the tools, then one does not care
very much, and the results may be surprising :-).
The sad part is that in this day and age, we had to publish the SANS
DDOS Roadmap, which suggested that things would be a lot better if sites
installed the patches and did ingress/egress filtering.
I suspect that there is a *very large* portion of the Internet community that
does "care very much" (or at least enough to worry a little bit), but is
too new/clueless/whatever to properly find/install/configure the tools.
I encounter a lot of sites that install spam filters and firewalls because
they ARE concerned about spam, hackers, etc. Unfortunately, a lot of them
Get It Very Wrong, and do stuff like bounce SMTP 'MAIL FROM:<>', or Do The
Wrong Thing with NTP traffic, etc etc.
I have to conclude that there's a lot of sites that *do* care very much, but
are lacking the technical expertise to use the tools.
Remember: There's 4 million .coms. There's not 4 million experienced sysadmins.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech