On Mon, May 07, 2001 at 08:15:33PM +0200, Helmut Springer wrote:
> On Mon 2001-05-07 (11:19), Eric Johnson wrote:
> > I'm running OpenBSD on one of my systems. So far, no problems
> > have been noticed.
> Did you notice nothing by expert monitoring while dozens of capable
> people are attacking, or did you notice nothing by not knowing what
> to look for and no one trying anything anyway?
Hmmm... I average between a half a dozen and several dozen
scans and probes against my Linux based adaptive firewall (IPChains +
Portsentry + Snort + assorted other goodies) every day. It's amusing
to watch. And I monitor. And no one can say "by not knowing what to
look for and no one try anything anyway." They come and they try. And
I watch and I monitor and I add to my experience.
What's really amusing are all the sysadmins, in netland, that get
so upset over portscans (I know of some morons who have complained just
on the basis of port 137 UDP probes) and, where I sit, it's just like
mosquitos buzzing around, you swat at them to satisfy some need to swat
at something, and not to accomplish something realistic.
What I have are filters that cull out the riffraff and the script
kiddies. That lets what I have behind the firewall alert me and deal with
what rises above that level. And that's what really interests me... Not
the ankle biters that are so easy to ignore and discard. For the ankle
biters, it doesn't matter what firewall you have, you just dump them as
road kill and worry about anyone who rises above that scum.
Responding to some of the amusing postings by "mouss"...
Regardless of what "mouss" thinks of defense in depth, there is
value in filtering and categorizing your attackers. I think "mouss" would
consider "Sun Tzu" and the "Art of War" to fall into the category of "The
old principles of minimality, defense in depth, and other nice names are
just myths with no serious practical foundations."
"Mouss" would argue:
] "People have a tendency to blindly follow "well-known" principles.
] I for my own will say: don't follow me, don't follow anyone. get the
] truth by yourself".
I would argue that "those who do not learn from history are doomed
to repeat it". It's a fool who does not learn from the experience of
others. One who only relies on their own experience to protect themselves
from what they have not experienced, while ignoring the experience of others,
will not survive to pass on their wisdom (fortunately, I suppose).
Be that as it may... Anyone that follows ANYTHING "blindly", be it
"well-known principles" such as the security pundits espouse or the
blind groping guessing of the one who proclaims "Ignore the experts!
Get the truth for yourself", is equally doomed to failure. The failure
is in the "blindly following", not in who you are following.
> I know a lot of sites featuring the latter, and the former is what
> Jonas told...
I feature the former and am quite comfortable with a Linux firewall
(with some additional goodies thrown on top and behind). :->=>
> --
> MfG/Best Regards, helmut springer What is your greatest virtue?
> My warm, humane humor.
> HRK
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!