Firewall Wizards mailing list archives
Re: Reactive Firewalls
From: John Lines <John.Lines () aeat co uk>
Date: Thu, 12 Feb 1998 10:28:17 +0000
Darren Reed wrote:
> Whilst feedback may help the hacker, if it shuts down and needs to be manually rebooted, it also slows down the attack considerably. There's also a good chance it will discourage those who are 'trolling' for insecure sites/firewalls from making a serious attempt to penetrate your firewall. Personally, I'd prefer a service that fell victim to D.O.S attacks than one which could be compromised.
>
> Darren
In an ideal world this would be an explicit policy decision, made when the firewall was installed. This forces the firewall management to decide before the event which course of action they would prefer. If this decision is not made explicitly, then if a hacker fills up the logs and the firewall shuts down, the firewall administrator will be held responsible for the loss of service, and told that he should have arranged things so that it kept working - after all, no one got in, and having the service is more important than having the logs. Of course, if the firewall doesn't shut down and someone breaks in, then the reverse applies.

John Lines