Gentoo Archives: gentoo-security

From: Andreas Waschbuesch <awaschb@××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 16:23:58
Message-Id: 200401081720.01084.awaschb@gwdg.de
In Reply to: Re: [gentoo-security] firewall suggestions? by "Thomas T. Veldhouse"
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 epistula illius Thomas T. Veldhouse profluit verbis:
5 > Oliver Schad wrote:
6 > > [scans are'nt dangerous - so reject]
7 >
8 > True, but if you do happen to have an exploitable service (i.e. the brk
9 > issue with the linux kernel and rsync recently), a script kiddie might
10 > grow tired of waiting for scan results from your network and go
11 > elsewhere. Certainly slowing down potential hackers buys time and
12 > frustration for the attacker if nothing else. The assumption that all
13 > potential attackers are experts is not a good one.
14
15 And seduction got absolutely nothing to do with security. It's a simple
16 boolean: either Your system is secure (in terms of human calculation[*])
17 or it's not. There is no enhanced or "partial" security ...
18
19 And once again: From a more or less "psychological point of view" it's
20 even worse concerning the traffic load: the curious "bad guy" would try
21 to go on. So it's better to explicitly tell him to go away.
22
23 [*] "secure" means: You have to invest more effort into breaking into the
24 system than you can expect to gain from it.
25
26 - --
27 If you don't have a nasty obituary you probably didn't matter.
28 -----BEGIN PGP SIGNATURE-----
29 Version: GnuPG v1.2.3 (GNU/Linux)
30
31 iD8DBQE//YMwwGaWYjpgASMRAl/WAKCeKLpkaa21rdgDaCSz/L2Wex/n1gCgsbSs
32 LFKxocfBcw0KM83fxEMw+rI=
33 =SKyG
34 -----END PGP SIGNATURE-----
35
36 --
37 gentoo-security@g.o mailing list