Re: [fw-wiz] A fun smackdown...

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/20/05

    To: Chuck Swiger <chuck@codefab.com>
    Date: Thu, 19 May 2005 19:08:37 -0400 (EDT)
    
    

    On Thu, 19 May 2005, Chuck Swiger wrote:

    > >> I suspect that using greylisting, honeytraps, teergrubes, and similar
    > >> techniques can do a lot to help slow down the spread rates of malware
    > >> and spam. That's one way of making an "allow all" rule less risky than
    > >> the "deny all" rule might be. Of course, you have to make sure your
    > >> honeytrap software is up to the task, which is not as easy as it might
    > >> seem.
    > >
    > > I still don't see that as less risky.
    >
    > Is it easier to defend against a known attack than against an unknown
    > one?

    There's not a generic answer for that, it depends on the attack, the
    defender's capability and the environment.

    > Computers are good at logging and keeping track of the statistics. The

    Yes, but they're not yet good at making up enough of a protocol to get
    enough of a response to get a payload, automatically analyzing and
    decrypting that payload, etc. Though operational sites might not be too
    interested in things that speak protocols they don't.

    > problem is understanding what all of the noise means and presenting it
    > to the user in a fashion which helps them make decisions.

    Identifying the source of the noise is one way to gain potentially useful
    information (i.e. "Is this a new worm, or just a polymorphic copy of one
    I've seen before?")

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    paul@compuwar.net       which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

