At 09:36 AM 8/12/2002, you wrote:
>Paul Jacobs asked:
>
> > Why is it that after SUN'S new "TCP Hardening" patch and
> > the 8+ new services running on my box now that when you
> > go to "Action Against Detected Scans" and select "Log and
> > Block" you get a message saying "if you enable this
> > option you will be open to DOS attacks!"?
>
>Imagine: you know someone just installed this patch. You then attack it
>with a whole stack of spoofed IP addresses, thousands of packets over a
>short time. The RaQ then explodes by:
>
>a) filling up its log partition, and
>b) potentially blocking itself and/or the router it's attached to, DNS
>servers and so on.

Sounds like a problem with how the network you sit on is configured. See my earlier post on how to stop this at the router.

>Yes, these offerings from Sun are a good idea; the white paper gives a
>fairly comprehensive (though not too detailed) overview of how they achieve
>things but it's still easy to cripple a machine with them installed.
>
>Better to have all your internet-facing services as secure as possible.
>Generally, I don't give a stuff if someone scans a machine of mine and
>finds a webserver and SSH server. None of the other ports are accessible,
>anyway.
>
>It's all in the configuration. You want to know if someone prodded all
>your service ports, not the 65000+ other ones!
>
>Graeme
>--
>Graeme Fowler
>System Administrator
>Host Europe Group PLC
>_______________________________________________
>cobalt-security mailing list
>[EMAIL PROTECTED]
>http://list.cobalt.com/mailman/listinfo/cobalt-security
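
The two failure modes named in the quoted message (a full log partition, and the box blocking its own router or DNS servers), as an added sketch that is not part of this thread or of Sun's patch: a log-and-block handler with a never-block list, a bounded block table and rate-limited logging. The class, its parameters and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from collections import OrderedDict

class ScanResponder:
    """Hypothetical log-and-block handler guarded against a spoofed-source flood."""

    def __init__(self, never_block, max_blocks=1000, max_logs_per_min=60):
        # Router, DNS servers and the host itself: never block these.
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.max_blocks = max_blocks
        self.max_logs_per_min = max_logs_per_min
        self.blocked = OrderedDict()   # source IP -> time blocked, oldest first
        self.log = []                  # stands in for the log partition
        self.window, self.logged, self.suppressed = None, 0, 0

    def _log(self, now, msg):
        minute = int(now // 60)
        if minute != self.window:      # new one-minute window: summarise drops
            if self.suppressed:
                self.log.append(f"{self.suppressed} scan reports suppressed")
            self.window, self.logged, self.suppressed = minute, 0, 0
        if self.logged < self.max_logs_per_min:
            self.log.append(msg)
            self.logged += 1
        else:
            self.suppressed += 1       # counted, not written

    def on_scan(self, src, now):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.never_block):
            self._log(now, f"scan claimed from protected host {src}, not blocked")
            return "ignored"
        if src in self.blocked:
            return "already-blocked"
        if len(self.blocked) >= self.max_blocks:
            self.blocked.popitem(last=False)   # table full: evict the oldest block
        self.blocked[src] = now
        self._log(now, f"blocked {src}")
        return "blocked"

def simulate_flood(count=5000):
    # Constructed input: `count` spoofed 10.x sources in under a minute, then
    # packets claiming to come from the (made-up) router and DNS addresses.
    r = ScanResponder(["192.0.2.1", "192.0.2.53"], max_blocks=100, max_logs_per_min=10)
    for i in range(count):
        r.on_scan(str(ipaddress.ip_address(0x0A000000 + i)), now=i * 0.01)
    return r, [r.on_scan(ip, now=51.0) for ip in ("192.0.2.1", "192.0.2.53")]
```

Evicting the oldest entry keeps the table bounded at the cost of letting a flood push out earlier blocks; expiring blocks after a fixed time is the usual companion to this cap.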
