-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The letter of Thomas T. Veldhouse flows forth with these words:
> Oliver Schad wrote:
> > [scans aren't dangerous - so reject]
>
> True, but if you do happen to have an exploitable service (i.e. the brk
> issue with the Linux kernel and rsync recently), a script kiddie might
> grow tired of waiting for scan results from your network and go
> elsewhere. Certainly slowing down potential hackers buys time and
> frustration for the attacker if nothing else. The assumption that all
> potential attackers are experts is not a good one.

And seduction has got absolutely nothing to do with security. It's a simple
boolean: either your system is secure (in terms of human calculation[*])
or it's not. There is no enhanced or "partial" security ...

And once again: from a more or less "psychological point of view" it's
even worse concerning the traffic load: the curious "bad guy" would try
to go on. So it's better to explicitly tell him to go away.

[*] "secure" means: you have to invest more effort into breaking into the
system than you can expect to gain from it.

- --
If you don't have a nasty obituary you probably didn't matter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE//YMwwGaWYjpgASMRAl/WAKCeKLpkaa21rdgDaCSz/L2Wex/n1gCgsbSs
LFKxocfBcw0KM83fxEMw+rI=
=SKyG
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list