Firewall Wizards mailing list archives

Re: Reactive Firewalls


From: John Lines <John.Lines () aeat co uk>
Date: Thu, 12 Feb 1998 10:28:17 +0000

Darren Reed wrote:

Whilst feedback may help the hacker, if it shuts down and needs to be
manually rebooted, it also slows down the attack considerably.  There's
also a good chance it will discourage those who are 'trolling' for
insecure sites/firewalls from making a serious attempt to penetrate
your firewall.

Personally, I'd prefer a service that fell victim to D.O.S. attacks to
one which could be compromised.

Darren

In an ideal world this would be an explicit policy decision, made when the
firewall was installed. This forces the firewall management to decide before
the event which course of action they would prefer.

If this decision is not made explicitly, then if a hacker fills up the logs and
the firewall shuts down, the firewall administrator will be held
responsible for the loss of service, and told that he should have arranged
things so that it kept working - after all, no one got in and having the
service is more important than having the logs.

Of course if the firewall doesn't shut down, and someone breaks in, then the
reverse applies.

        John Lines
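The choice John describes, whether a filter halts or keeps passing traffic once its log can no longer be written, can be made an explicit setting rather than an accident. The following is an added illustration, not code from this thread or from any firewall product; the in-memory log store, the packet records and the alert callback are constructed here to simulate a full log disk.

```python
"""Explicit policy for the 'logs are full' case, fail-closed or fail-open."""
from enum import Enum


class LogFullPolicy(Enum):
    FAIL_CLOSED = "fail_closed"  # stop passing traffic when a log write fails
    FAIL_OPEN = "fail_open"      # keep passing traffic, raise an alert instead


class LogStore:
    """Constructed in-memory log with a fixed capacity to stand in for a full disk."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.records = []

    def write(self, record):
        if len(self.records) >= self.capacity:
            raise OSError("log store full")
        self.records.append(record)


class PacketFilter:
    def __init__(self, policy, log, alert):
        self.policy = policy
        self.log = log
        self.alert = alert      # callable that receives an alert string
        self.halted = False

    def handle(self, packet):
        """Return 'pass', 'drop' or 'halted' for one packet record."""
        if self.halted:
            return "halted"
        try:
            self.log.write(packet)
        except OSError as exc:
            # Either way the administrator is told; only the traffic decision differs.
            self.alert(f"logging failed: {exc}")
            if self.policy is LogFullPolicy.FAIL_CLOSED:
                self.halted = True
                return "halted"
        return "pass" if packet["allowed"] else "drop"


def run(policy, packets, capacity=2):
    """Feed packets through a filter; return (decisions, alerts raised)."""
    alerts = []
    flt = PacketFilter(policy, LogStore(capacity), alerts.append)
    return [flt.handle(p) for p in packets], alerts


# Constructed sample: four packets against a log that holds only two records.
SAMPLE = [{"src": "192.0.2.1", "allowed": True}, {"src": "192.0.2.2", "allowed": False},
          {"src": "192.0.2.3", "allowed": True}, {"src": "192.0.2.4", "allowed": False}]
```

With the sample, the fail-closed filter halts at the third packet and stays halted, while the fail-open filter keeps deciding packets but raises an alert for every record it could not log.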