再保险:你的法律顾问在击败DDOS攻击

> - - - - - - - - - - - >从原始信息:史蒂芬·m·Christey [mailto: coley@LINUS.MITRE.ORG]>评论东西大卫勒布朗建议……> > > > c。太阳用户应该确保只允许从rpc交通> > >管理系统。> >我不会进入特定供应商的行为。我们可以让> >文档非常大如果我们进入这样的细节。> >在这种特殊情况下,我会不同意。大约一半的>证书报告发表在1999年> RPC服务处理严重的漏洞。大部分的CERT活动总结过去一年>状态,这些漏洞被广泛利用。> SANS GIAC定期报告显示,攻击者试图> RPC服务的访问。我的推理是,经常有人建议限制端口137 - 139为NT TCP和UDP,这有几个常见的利用去年在IIS漏洞。如果我们要进入具体行动来防止常见的利用各种公开的供应商,我们可以想出一个很长的名单。 ( didn't we just go over 500 in the list? ) I agree with you that RPC has historically been and remains a popular way of compromising many UNIX machines, but I'd advise against getting into vendor specifics in this particular document. I also know that it is currently a popular way to gain access used to install some of the DDoS tools, but again, this could change very, very rapidly. For one thing, most of the DDoS tools do not currently run on NT, but I've personally ported a lot of UNIX code to NT, and I don't think there are any technical reasons that DDoS tools cannot run on NT. Not that I plan on porting any of the attack tools... I'm also not sure it is fair to single out any one vendor in a document of this type, and this could be just the problem of the day. My $0.02, and I don't feel strongly enough about it to argue further - I think reasonable people could easily come to different conclusions on this point.