On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
> If one packet reaches your host, nothing happens. For the TCP/SMTP
> connections to be opened, (at least) three packets must be sent, in both
> directions. If you can trace to 10.x address that is not part of your
> network, it's a problem. Solve this problem by configuring your network,
> firewalls, asking your ISP to do the same. Do not try to solve this problem
> at SA level.

Trust me that I know a lot about IP networking, and your assumptions
are incorrect. (why are people so willing to assume the worst and
insult others based on their own assumptions?)

Finally, nearly every major compromised network I've seen in my life
was broken into because one layer assumed that a given other layer
would prevent X Y or Z from happening. System crackers love it when
security has implicit assumptions ;-)

I'd love to say nothing I have ever built has ever been cracked, but
that's not true. But nothing of mine that was ever cracked was due to
incorrect assumptions in the design, just due to vulnerabilities in
the applications put on the platform. But because I secured every
layer as if it was the only layer, no compromise has ever extended
farther in the environment, either on the compromised system itself or
further into the network we were protecting.

Yes, it's a PITA to think this way. But it's the only way to keep
things truly secure.

NOW, let's return to securing SA properly.

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness