On Fri, 20 Sep 2002, Rick Moen wrote: > Quoting Ian C. Sison ([EMAIL PROTECTED]): > > > Agreed. But the fact that there is no information or data lossage does > > not mean that there had been no damage to the entity responsible for the > > online service... read below for more. > > We're furiously agreeing with one another, but keep chasing details: > You keep stressing that a DoS is a security problem. I keep replying, > yes, of course, but it's important to distinguish it from exploits, > which (I claim) are ultimately more-dire exposures, and DoSes are not > what one _usually_ means when one generically says "security compromise" > or "security problem". I think we can regard that as sufficiently > discussed.
Yes we have \8) > > what it seems to miss is the fact that a well organized DoS can cause an > > entity just as much loss in revenues as with the case of an intrusion > > where certain priveleged data was stolen. > > Generally, no. A DoS that for some reason could not be stopped through > software fixes or switches to different software might qualify, _if_ for > some reason you could not filter for it in routers, etc. One example > might be ping storms from continually changing source hosts, or some > other type of DDoS that involves overwhelming the target through sheer > quantity of traffic. Otherwise, no. We'll discuss specifics, below. Agreed. He he, maybe it's also highly likely that you have no control over the response time of your upstream to fix problems, which magnifies your problem. > Nope. I'd temporarily switch to MaraDNS in about five minutes. > > I've essentially already covered this, in my prior post: If it's a DoS > that kills Apache, I'll bring up Boa in five minutes. If it's against > vs-ftpd, I'll bring up Pure-ftpd in five minutes. If it's against > Exim... well, I _think_ I'd probably have Postfix adequately figured > out in half an hour or so. ;-> Or temporarily resurrect Sendmail. True. Although sometimes it's not that easy. Maybe your website runs Apache with PHP and gets hit with a new DoS, a fix for which is still up and coming.. I'm nitpicking but generally you called it correct.. he he > > > Yup, that was my point. Cyrus' delivery agent (MDA). > > Are post-office-type protocols classed as MDAs? I hadn't thought that > was the case, but hadn't really pondered the matter much. The cyrus mda accepts input via a pipe and feeds it via LMTP to the cyrus mail engine. Does this qualify as a PO type protocol? Correct me as i'm unfamiliar with a post office type protocol. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
