Re: Apache to rewrite or not ..
On Thu, 3 Apr 2003 12:30, Fred Smith wrote:
> you may not be familiar with the nimda virus, so i'll give you and
> overview of it. it spreads through a hole in an IIS extention, uses an
> outrageous amount of bandwidth and effectivley gives anyone root on an
> infected machine, via the executables that it places in IIS's scripts
> directory.
If you have a million or more customers of which >100,000 are online and
active at busy times then one customer can't use any amount of bandwidth
that's worth bothering about.
When you have 100,000 customers online you can count on some of them being
insecure and being actively exploited at any time. You can probably expect
about 1000 machines to be compromised at any time. If they all used as much
bandwidth as possible then it might be a small problem, but the typical
broadband setup of slow upload and fast download generally takes care of
that.
When you provide ADSL service etc through a number of partners it can be
rather difficult to track down who has a particular IP address and then work
out how to contact them (hint - many people use a different ISP for email).
When an ISP has one permanent employee per 20,000 customers dedicated to
tracking such things they can do a good job of it. When they have no
employees dedicated to the task and it's something that the network
administrators do in addition to their regular tasks it's simply impossible
for a large ISP.
The only way a big ISP can really control such things properly is to scan all
their customers for vulnerabilities and then disconnect them until the
vulnerability is fixed. In which case sending them an email won't help.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: