Re: [fw-wiz] A fun smackdown...

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/20/05

  • Next message: Tichomir Kotek: "Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls" 
    To: Chuck Swiger <chuck@codefab.com>
Date: Thu, 19 May 2005 19:08:37 -0400 (EDT)

    On Thu, 19 May 2005, Chuck Swiger wrote:

    > >> I suspect that using greylisting, honeytraps, teergrubes, and similiar
    > >> techniques can do a lot to help slow down the spread rates of malware
    > >> and spam. That's one way of making an "allow all" rule less risky
    > >> than
    > >> the "deny all" rule might be. Of course, you have to make sure your
    > >> honeytrap software is up to the task, which is not as easy as it might
    > >> seem.
    > >
    > > I still don't see that as less risky.
    >
    > Is it easier to defend against a known attack then against an unknown
    > one?

    There's not a generic answer for that, it depends on the attack, the
    defender's capability and the environment.

    > Computers are good at logging and keeping track of the statistics. The

    Yes, but they're not yet good at making up enough of a protocol to get
    enough of a response to get a payload, automatically analyzing and
    decrypting that payload, etc. Though operational sites might not be too
    interested in things that speak protocols they don't.

    > problem is understanding what all of the noise means and presenting it
    > to the user in a fashion which helps them make decisions.

    Identifying the source of the noise is one way to gain potentially useful
    information (i.e. "Is this a new worm, or just a polymorphic copy of one
    I've seen before?")

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Tichomir Kotek: "Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls"

    Relevant Pages

    • Re: How much time do we have to figure this out or Ill be 50 fucking years old next month
      ... this article wasn't just about the JFK assassination. ... point in time where america really started to go in the wrong ... Paul and guiliani and shudder at the fact that the audiance applauded ... that we invited the attack because we were attacking Iraq. ...
      (alt.gathering.rainbow)
    • Foreknowledge of 911: Dr Stan, agai
      ... as Rumsfeld said in his January ... Most people don't understand the events that led up to the 9/11 attack ... Intelligence Community, but can't reveal what he knows because his ... discuss that issue, but Paul O'Neill, a prominent member of President's ...
      (rec.org.mensa)
    • Re: How much time do we have to figure this out or Ill be 50 fucking years old next month
      ... then again the planet end within the ... this article wasn't just about the JFK assassination. ... Paul and guiliani and shudder at the fact that the audiance applauded ... " They attack us because we've been over there. ...
      (alt.gathering.rainbow)
    • Re: Overheard @ the Republican Debate...
      ... That would be Dennis Kucinich, who is more in my line of thinking on, shall we say, social issues and the like (as a registered independent, I get to pick which party primary I'd like to vote in next year, hence voting against Paul comment). ... Republicans were elected to end the Korean War. ... Are you suggesting we invited the 9/11 attack, ...
      (rec.music.gdead)
    • Overheard @ the Republican Debate...
      ... That would be Dennis Kucinich, who is more in my line of thinking on, shall we say, social issues and the like (as a registered independent, I get to pick which party primary I'd like to vote in next year, hence voting against Paul comment). ... Republicans were elected to end the Korean War. ... Are you suggesting we invited the 9/11 attack, ...
      (rec.music.gdead)