Re: [fw-wiz] A fun smackdown...

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/20/05

    To: Chuck Swiger <chuck@codefab.com>
    Date: Thu, 19 May 2005 19:08:37 -0400 (EDT)
    
    

    On Thu, 19 May 2005, Chuck Swiger wrote:

    > >> I suspect that using greylisting, honeytraps, teergrubes, and similar
    > >> techniques can do a lot to help slow down the spread rates of malware
    > >> and spam. That's one way of making an "allow all" rule less risky
    > >> than the "deny all" rule might be. Of course, you have to make sure your
    > >> honeytrap software is up to the task, which is not as easy as it might
    > >> seem.
    > >
    > > I still don't see that as less risky.
    >
    > Is it easier to defend against a known attack than against an unknown
    > one?

    There's not a generic answer for that, it depends on the attack, the
    defender's capability and the environment.

    > Computers are good at logging and keeping track of the statistics. The

    Yes, but they're not yet good at making up enough of a protocol to get
    enough of a response to get a payload, automatically analyzing and
    decrypting that payload, etc. Though operational sites might not be too
    interested in things that speak protocols they don't.

    > problem is understanding what all of the noise means and presenting it
    > to the user in a fashion which helps them make decisions.

    Identifying the source of the noise is one way to gain potentially useful
    information (i.e. "Is this a new worm, or just a polymorphic copy of one
    I've seen before?")

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    paul@compuwar.net       which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

