Re: Firewall Activity analysis

From: Matt Harris (
Date: 12/11/02

    Date: Wed, 11 Dec 2002 17:11:45 -0500
    From: Matt Harris <>
    To: "Anton A. Chuvakin" <>,

    "Anton A. Chuvakin" wrote:
    > And the dangerous thing about jumping in and implementing some simple
    > rules (such as "connection failed -> conn successful") is that it might
    > create a nice little (well, BIG actually!) "false-positive machine", and
    > NIDS systems already provide plenty of that.

    Just imagine if an SSL web server (port 443) had images on it hosted on
    the same system on an insecure virtual host (port 80) and the image
    server went down (failed connection), then they clicked a link to
    another document on the secure server (successful connection)... It
    would more than likely be going off for everyone hitting the web site...
    For a busy site, this could spell disaster.

     * Matt Harris - Senior UNIX Systems Engineer
     * Smithsonian Institution, OCIO
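To make the false-positive concern concrete, here is an added example (not code from the thread or from either poster) that implements the naive "connection failed -> connection successful" correlation rule and runs it over constructed firewall log lines modelling the scenario above: browsers first fail against the dead port-80 image vhost and then succeed against the port-443 vhost on the same host. The log format and all addresses are assumptions.

```python
"""Naive 'failed -> successful connection' correlation rule over sample firewall logs."""
import re
from collections import defaultdict

# Constructed sample log (not from any real firewall); the line format is an assumption.
# 10.0.0.5 and 10.0.0.6 are ordinary browsers: image vhost (port 80) down, HTTPS vhost OK.
# 10.0.0.7 never failed. 10.0.0.8 probes two unrelated ports before reaching 443.
SAMPLE_LOG = """\
2002-12-11T17:00:01 DENY  src=10.0.0.5 dst=192.0.2.10 dport=80
2002-12-11T17:00:02 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=443
2002-12-11T17:00:03 DENY  src=10.0.0.6 dst=192.0.2.10 dport=80
2002-12-11T17:00:04 ALLOW src=10.0.0.6 dst=192.0.2.10 dport=443
2002-12-11T17:00:05 ALLOW src=10.0.0.7 dst=192.0.2.10 dport=443
2002-12-11T17:00:06 DENY  src=10.0.0.8 dst=192.0.2.10 dport=22
2002-12-11T17:00:07 DENY  src=10.0.0.8 dst=192.0.2.10 dport=23
2002-12-11T17:00:08 ALLOW src=10.0.0.8 dst=192.0.2.10 dport=443
"""

LINE_RE = re.compile(r"^(\S+)\s+(DENY|ALLOW)\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)$")


def parse(log):
    """Yield (timestamp, action, src, dst, dport) tuples; silently skip malformed lines."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, action, src, dst, dport = m.groups()
            yield ts, action, src, dst, int(dport)


def naive_rule(log):
    """The simple rule from the thread: alert on any ALLOW from a (src, dst) pair
    that previously produced a DENY. Returns (src, dst, denied_ports, allowed_port)."""
    seen_deny = defaultdict(list)
    alerts = []
    for _ts, action, src, dst, dport in parse(log):
        key = (src, dst)
        if action == "DENY":
            seen_deny[key].append(dport)
        elif seen_deny[key]:
            alerts.append((src, dst, tuple(seen_deny[key]), dport))
    return alerts


def alerting_sources(log):
    """Distinct client addresses the naive rule flags; two of three here are ordinary browsers."""
    return sorted({alert[0] for alert in naive_rule(log)})
```

Every legitimate visitor whose browser hit the dead image vhost before following a link to the HTTPS vhost is flagged alongside the one host that probed unrelated ports, which is exactly the "false-positive machine" the thread warns about on a busy site.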
