Re: NYT Article this morning

Valdis.Kletnieks@vt.edu
Tue, 24 Jan 1995 13:44:42 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Oliver Friedrichs: "Re: Hijacking tool"
Previous message: Christopher Klaus: "Re: IP spoofing vs tcp wrappers and netacl"
In reply to: David Kovar: "Re: NYT Article this morning"

On Mon, 23 Jan 1995 20:46:20 EST, David Kovar said:
> > To fully fix the problem will require all the vendors to come out with
> > kernel patches to make the TCP sequence numbering difficult to guess, then
> > have all the admins apply those patches to all the machines on Internet, 
> > and then we will have solved the problem.  (While we are at it, have 
> > admins install patches that stop get-root scripts also).  Pretty simple and
 
> > quick to implement.  <grin>
> 
>   I don't have access to the source for the appropriate modules, but it
> seems to me that this is a relatively simple change. What am I missing?

What you're missing is that making the change is trivial.

Getting it deployed is another story.  There are an estimated 2.5 million
or so hosts on the Internet, many of them PC's, Macs, and various
legacy systems dating back to the Stone Age.  Many dont have software
maintenance contracts, or are running release of software no longer supported.

I dont' have kernel source for AIX 2.2.1 - it's going to be a REAL
challenge for me to make the change for my two home systems, which IBM
stopped supporting 5 years ago.

				Valdis Kletnieks
				Computer Systems Engineer
				Virginia Tech

Next message: Oliver Friedrichs: "Re: Hijacking tool"
Previous message: Christopher Klaus: "Re: IP spoofing vs tcp wrappers and netacl"
In reply to: David Kovar: "Re: NYT Article this morning"