
Re: Comments/suggestions on draft



"dh" == Dan Hollis <goemon@anime.net> writes:

dh> On Tue, 17 Jun 2003, Wang,Nai-Pin K. wrote:
>> Are we really just focusing on critical server-class machines here? If
>> so, we should probably replace "hosts" with "critical core servers".

dh> How about "any device whose primary function is to forward packets"?

I'd go one step further.  Perhaps "Any embedded network device"?  Or
"Anything with an IP address that is not a general purpose host"?

The things discussed in here would mostly apply to printers, even
though the threat model is significantly different.  They specifically
apply to things like IP KVMs and terminal servers that do not forward
IP packets at all, but perform critical functions in various networks.

dh> This would cover CPE routers, edge routers, and core routers. As it should
dh> IMHO. I'm rather tired of customer routers being exploited at the slightest
dh> puff of air due to stupid vendor defaults.

That there is a whole new can of worms.  When Oulu released their SNMP
happiness upon the world, we determined that something like 90% of our
CPE was vulnerable.  But our contracts were written such that it was
illegal for us to reconfigure or upgrade their code.  The CPE belonged
to us, but was their responsibility.

I don't think that ISP contract law is within the scope of this
document, but somewhere in there is a pressing issue begging to be
resolved.  There's a whole world of people out there that talk about
"THE router", rather than "A router".  There's gotta be some way to
help them keep things up to date.

ericb