[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

We hit half-million: The Cidr Report

Subject: We hit half-million: The Cidr Report
From: jeff-kell at utc.edu (Jeff Kell)
Date: Wed, 30 Apr 2014 00:00:19 -0400
In-reply-to: <CAD6AjGSzAuMhc3Gn2PUdunU9Uj3iuPma5fRSuuj-XAgPFK4X5Q@mail.gmail.com>
References: <[email protected]> <[email protected]> <e20085807da04425ac7d2a33a4d7ab42@AMSPR07MB211.eurprd07.prod.outlook.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAD6AjGSzAuMhc3Gn2PUdunU9Uj3iuPma5fRSuuj-XAgPFK4X5Q@mail.gmail.com>

On 4/29/2014 11:37 PM, TheIpv6guy . wrote:
> On Tue, Apr 29, 2014 at 7:54 PM, Jeff Kell <jeff-kell at utc.edu> wrote:
>> On 4/29/2014 2:06 PM, Owen DeLong wrote:
>>> If everyone who had 30+ inaggregable IPv4 prefixes replaced them with 1 (or even 3) IPv6 prefixesâ?¦
>>> As a bonus, we could get rid of NAT, too. ;-)
>>> /me ducks (but you know I had to say it)
>> Yeah, just when we thought Slammer / Blaster / Nachi / Welchia / etc /
>> etc  had been eliminated by process of "can't get there from here"... we
>> expose millions more endpoints...
>>
>> /me ducks too (but you know *I* had to say it)
>>
> No ducking here.  You forgot Nimda.  Do you have an example from the
> last 10 years of this class ?

Oh?  Anything hitting portmapper (tcp/135), or CIFS (tcp/445), or RDP
(tdp/3389 -- CVE-2012-0002 ring any bells?). 

The vulnerabilities never stop.  We just stop paying attention because
most of us have blocked 135-139 and 445 and 3389 at the border long ago.

Now granted that 80/443 (server-side) are more dangerous these days :) 
But that doesn't eliminate the original risks. 

These are ports that were originally open by default...  and if you
"don't" have a perimeter policy, you're "wrong" (policy, compliance,
regulation, etc).

Not to mention that PCI compliance requires you are RFC1918 (non-routed)
at your endpoints, but I digress...

Jeff

Follow-Ups:
- We hit half-million: The Cidr Report
  - From: ikiris at gmail.com (Blake Dunlap)
- We hit half-million: The Cidr Report
  - From: Joshua_Sholes at cable.comcast.com (Sholes, Joshua)
- We hit half-million: The Cidr Report
  - From: jamie at photon.com (Jamie Bowden)

References:
- The Cidr Report
  - From: cidr-report at potaroo.net (cidr-report at potaroo.net)
- We hit half-million: The Cidr Report
  - From: patrick at ianai.net (Patrick W. Gilmore)
- We hit half-million: The Cidr Report
  - From: andy at nosignal.org (Andy Davidson)
- We hit half-million: The Cidr Report
  - From: cboyd at gizmopartners.com (Chris Boyd)
- We hit half-million: The Cidr Report
  - From: patrick at ianai.net (Patrick W. Gilmore)
- We hit half-million: The Cidr Report
  - From: owen at delong.com (Owen DeLong)
- We hit half-million: The Cidr Report
  - From: jeff-kell at utc.edu (Jeff Kell)
- We hit half-million: The Cidr Report
  - From: cb.list6 at gmail.com (TheIpv6guy .)

Prev by Date: We hit half-million: The Cidr Report
Next by Date: We hit half-million: The Cidr Report
Previous by thread: We hit half-million: The Cidr Report
Next by thread: We hit half-million: The Cidr Report
Index(es):
- Date
- Thread