Re: Scan of TCP 552-554
From: Rodrigo Barbosa (rodrigob_at_suespammers.org)
Date: 07/30/03
- Previous message: Jose Antonio Alvarez: "RE: Command Line RPC vulnerability scanner?"
- In reply to: Chris Shepherd: "Re: Scan of TCP 552-554"
- Next in thread: Chris Shepherd: "Re: Scan of TCP 552-554"
- Reply: Chris Shepherd: "Re: Scan of TCP 552-554"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jul 2003 17:59:07 -0300 To: Chris Shepherd <chriss@whstuart.com>
On Wed, Jul 30, 2003 at 09:58:42AM -0400, Chris Shepherd wrote:
> You specifically say you have to trust your firewall, and then try and conceal
> its presence. The point in question is whether or not making it look like a
> real machine will delay an attacker more than simply dropping all traffic. IMHO
> the latter is the better overall solution, since once your firewall has been
> discovered, it will slow and frustrate attempts on your network.
Lemme do same diet-quoting here.
You are right, of course. The thing I'm attempting is to make them
hit my traps faster, so I can react faster. And, as I said, I don't
think we should use the same method everywhere. Sametime I use
DROP, sometimes I use tcp-reset and sometimes, icmp-replies.
As far as I got from this discussion, every method is about as good
as the other. All have advantages and problems. The real question is
how to balance them all to have the most benefits of each one of them.
Care to comment on this one ?
[]s
-- Rodrigo Barbosa <rodrigob@suespammers.org> "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
- application/pgp-signature attachment: stored
- Previous message: Jose Antonio Alvarez: "RE: Command Line RPC vulnerability scanner?"
- In reply to: Chris Shepherd: "Re: Scan of TCP 552-554"
- Next in thread: Chris Shepherd: "Re: Scan of TCP 552-554"
- Reply: Chris Shepherd: "Re: Scan of TCP 552-554"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
