Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)

From: Gwendolynn ferch Elydyr
Date: 06/03/04

    To: "Paul D. Robertson"
    Date: Thu, 3 Jun 2004 10:39:04 -0400 (EDT)

    On Thu, 3 Jun 2004, Paul D. Robertson wrote:
    > One of the best quotes yet that I got from a vendor in a meeting was
    > "Stop! I can't think that fast!" In that case though, the users were
    > being pressured into evaluating and possibly purchasing something they
    > didn't want- but politically couldn't dismiss themselves. I got invited
    > to do the thing they were used to seeing me do- beat up the vendor over
    > security- but this time it was to their advantage for me to poke holes in
    > it, since it'd give them ammo for rejecting the whole silly scheme.

    Wandering somewhat afield, the most remarkable reaction that I've ever
    gotten from a vendor was the one who called up, practically in tears,
    and proclaimed "You can't do this to me! It's not fair!" [0].

    I was completely boggled that they thought that a social attack of that
    nature was likely to have any effect other than causing me to flee farther.

    More to the point, it also helps when you can go down a litany of
    requirements with the vendor, and force them to address each item [1]...

    > Get some sand, a bucket, a nail and a hammer, and *show* them how much
    > effectiveness they lose with each port.

    Hrm. I may have to try that... if nothing else, it's a fun example ;>

    [0] "this" being not including their product in the final evaluation
    phase. At the time, they didn't have a TLS gateway, which was a showstopper.
    [1] Then again, it's always fun to include "Meets RFC 1149 and 3514".

    "A cat spends her life conflicted between a deep, passionate and profound
    desire for fish and an equally deep, passionate and profound desire to
    avoid getting wet. This is the defining metaphor of my life right now."

