On Fri, Aug 27, 1999 at 06:37:16AM +0100, Archimede wrote:
> ISS is the only app out there that prevents what ports you have open on a 
> simple strobe..and its dosable...I would think a kernel patch is better 
> than an external one.

Given that it seems most 'strobes' are really simply quick attempts to
connect and communicate on a port -- attempting to 'mask' this via a
kernel patch would seem to cause more problems than it's worth.

Since, how would one designate between a malicious probe and a client
that might not have a large amount of data to transmit.  The
transmission sequences for HTTP and rdist come to mind since you can 
easily have circumstances where only a very small file needs to be
transmitted, perhaps even under 1K...Where's the limit to the
mask?

If you're worried about probes/strobes -- a far better idea would be
to not run those services or to filter out connections to those services
from untrusted source addresses via a firewall.

In short, I don't think making a kernel patch will fix an insecure network
design.

-- 
Robert G. Fisher                     NEOCOM Microspecialists Inc. 
System Administrator/Programmer      (540) 666-9533 x 116
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]