Firewall Wizards mailing list archives
Re: A fun smackdown...
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 19 May 2005 19:08:37 -0400 (EDT)
On Thu, 19 May 2005, Chuck Swiger wrote:
I suspect that using greylisting, honeytraps, teergrubes, and similiar techniques can do a lot to help slow down the spread rates of malware and spam. That's one way of making an "allow all" rule less risky than the "deny all" rule might be. Of course, you have to make sure your honeytrap software is up to the task, which is not as easy as it might seem.I still don't see that as less risky.Is it easier to defend against a known attack then against an unknown one?
There's not a generic answer for that, it depends on the attack, the defender's capability and the environment.
Computers are good at logging and keeping track of the statistics. The
Yes, but they're not yet good at making up enough of a protocol to get enough of a response to get a payload, automatically analyzing and decrypting that payload, etc. Though operational sites might not be too interested in things that speak protocols they don't.
problem is understanding what all of the noise means and presenting it to the user in a fashion which helps them make decisions.
Identifying the source of the noise is one way to gain potentially useful information (i.e. "Is this a new worm, or just a polymorphic copy of one I've seen before?") Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: A fun smackdown..., (continued)
- Re: A fun smackdown... Adam Shostack (May 21)
- Re: A fun smackdown... Ryan McBride (May 21)
- Re: A fun smackdown... Marcus J. Ranum (May 21)
- Re: A fun smackdown... Steven M. Bellovin (May 21)
- Re: A fun smackdown... Marcus J. Ranum (May 21)
- Re: A fun smackdown... Don Kendrick (May 24)
- Re: A fun smackdown... Paul D. Robertson (May 19)
- Re: A fun smackdown... Chuck Swiger (May 19)
- Re: A fun smackdown... Paul D. Robertson (May 19)
- Re: A fun smackdown... Chuck Swiger (May 19)
- Re: A fun smackdown... Paul D. Robertson (May 19)
- Re: A fun smackdown... Marcus J. Ranum (May 20)
- Re: A fun smackdown... Chuck Swiger (May 21)
- Re: A fun smackdown... Marcus J. Ranum (May 21)
- Re: A fun smackdown... Chuck Swiger (May 21)
- Re: A fun smackdown... Marcus J. Ranum (May 21)
- RE: A fun smackdown... Bill Royds (May 24)
- Re: A fun smackdown... Joseph S D Yao (May 20)
- Re: A fun smackdown... Chuck Swiger (May 20)
- Re: A fun smackdown... Joseph S D Yao (May 20)
- Re: A fun smackdown... Devdas Bhagat (May 20)