
RE: Your legal advisors on defeating DDOS attacks



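All,

While Alan's email goes beyond the scope of CVE, it relates to a community-wide effort of significance, especially now that so much of the public is paying attention to security. Since the Editorial Board is a cross-section of the community, such discussion could be fruitful. So in my opinion, occasional non-CVE-related threads may be appropriate for this list, including this thread.

Since there is no formal posting policy, I ask that Board members exercise discretion in considering whether they should introduce new, non-CVE topics to the list. If there are any concerns about the use of this list, you can discuss them with me offline, or we can put it on the agenda for a face-to-face meeting.

As for comments, David LeBlanc suggested...

>> c. Sun users should ensure that rpc traffic is only allowed from
>> management systems.
>
> I wouldn't go into vendor-specific behavior. We could make the
> document very large if we get into that sort of detail.

In this particular case, I would disagree. Approximately half of the CERT advisories published in 1999 deal with serious vulnerabilities in RPC services. Most of the CERT activity summaries in the past year state that those vulnerabilities were being extensively exploited. The SANS GIAC reports indicate that attackers regularly attempt to access RPC services.

Perhaps this bullet should be generalized to suggest that users disable services or restrict their access, and emphasize RPC. Disabling or filtering unnecessary services would automatically prevent a lot of security holes from being exploited from arbitrary locations across the network. It requires the attackers to find other routes in order to exploit the vulnerability - yes, they can do it, but it's (presently) more difficult.

- Steve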
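One way to act on the recommendation above to disable or restrict unnecessary RPC services, as an added example that is not part of the original message: it parses `rpcinfo -p` output and lists every registration outside a site allowlist. The sample output and the `NEEDED` allowlist are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the format printed by `rpcinfo -p`; not from a real host.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32772  status
    100083    1   tcp  32775
    100068    5   udp  32776  cmsd
    100232   10   udp  32777  sadmind
"""

# Hypothetical site policy (assumption): the only RPC services this host needs.
NEEDED = {"portmapper"}


def parse_rpcinfo(text):
    """Return {(program, name): {(proto, port), ...}} from `rpcinfo -p` output."""
    services = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a registration row.
        if len(fields) < 4 or not (fields[0].isdigit() and fields[3].isdigit()):
            continue
        program, _vers, proto, port = fields[:4]
        # The service column is empty when the program number has no known name.
        name = fields[4] if len(fields) > 4 else "unknown"
        services[(int(program), name)].add((proto, int(port)))
    return dict(services)


def unneeded(services, needed):
    """Registrations not covered by policy: candidates to disable or filter."""
    return sorted(
        (program, name, sorted(endpoints))
        for (program, name), endpoints in services.items()
        if name not in needed
    )


if __name__ == "__main__":
    for program, name, endpoints in unneeded(parse_rpcinfo(SAMPLE_RPCINFO), NEEDED):
        where = ", ".join(f"{proto}/{port}" for proto, port in endpoints)
        print(f"disable or filter: {name} (program {program}) on {where}")
```

On a live host, pass the captured output of `rpcinfo -p` to `parse_rpcinfo` in place of the sample.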

Page Last Updated or Reviewed: May 22, 2007