Firewall Wizards mailing list archives

RE: .gov/.mil threat ID


From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 28 Jan 1999 08:40:13 -0500 (EST)

On Thu, 28 Jan 1999, Crumrine, Gary L wrote:

> Sounds like the gentleman should be more interested in tightening up his
> systems than complaining on how DOD reacted to someone knocking on their
> door.

I don't know anyone who doesn't have difficulty deciding how to react to 
door-knocking.  Well, besides whoever that was who used to automatically 
e-mail zone contacts for any connect attempt, and I think they had problems 
with the results of their decision.  

As for his own system, how he runs it is completely up to him and his network 
provider.  However, I think he's been over his system since his post, and 
it's still possible that his address was used as a smokescreen, or that his 
network provider is at least partially compromised.  My guess would 
be that housing your machine on a .edu network probably isn't the most 
comfort-giving experience in the world.  

With that in mind, and trying to drag things back to topicality a bit, 
has anyone played any with some sort of host-based authentication scheme 
combined with packet filtering?  Something like "Auth to this Web page, 
and your IP address is unblocked until we don't see packets for X minutes 
or for a maximum of Y hours."  ipfw or ipfilter solutions preferred.

> No matter what they do, they will get criticized for it.

I don't see anything inherently bad with criticism, I just prefer it to 
be informed, thought-out criticism.  

> Before someone goes flaming the practices of different people and agencies,
> I suggest they step outside of the academic realm and walk in the DOD's
> shoes for a while.  Maybe then they'd understand a little more.  It is not a
> game.

That's a two-way street.  There are a lot of people in government who 
could probably gain some insight into the problems of administering a 
network where the bulk of your users are transient youngsters without 
constant supervision, can't be easily disciplined, and could know more than 
you, and probably about 1/3 of that population changes each year.

Now if ya wanna talk about those darned State people... ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
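
The scheme asked about in the message above (authenticate to a Web page, then unblock the address until no packets are seen for X minutes or a maximum of Y hours have passed), sketched as an added example that is not part of the original message. The class and method names are hypothetical; the code only decides which addresses should lose their allow rule and leaves the actual ipfw or ipfilter rule changes to the caller.

```python
from dataclasses import dataclass


@dataclass
class Lease:
    granted: float    # time of the successful authentication
    last_seen: float  # time of the most recent packet from this address


class LeaseTable:
    """Tracks which source addresses are currently unblocked (hypothetical helper)."""

    def __init__(self, idle_timeout, max_lifetime):
        self.idle_timeout = idle_timeout  # "X minutes", in seconds
        self.max_lifetime = max_lifetime  # "Y hours", in seconds
        self.leases = {}

    def authenticate(self, ip, now):
        # Called by the Web page after a successful login. Only a login
        # starts (or restarts) the Y-hour clock; traffic never does.
        self.leases[ip] = Lease(granted=now, last_seen=now)

    def _expired(self, lease, now):
        idle = now - lease.last_seen >= self.idle_timeout
        too_old = now - lease.granted >= self.max_lifetime
        return idle or too_old

    def packet_seen(self, ip, now):
        # Fed from the filter's log or counters. A packet from an address
        # without a live lease must not create or revive one.
        lease = self.leases.get(ip)
        if lease is None or self._expired(lease, now):
            return False
        lease.last_seen = now
        return True

    def sweep(self, now):
        # Returns the addresses whose allow rule should now be removed
        # from the packet filter, and forgets their leases.
        revoked = sorted(ip for ip, lease in self.leases.items()
                         if self._expired(lease, now))
        for ip in revoked:
            del self.leases[ip]
        return revoked
```

Running `sweep` on a short timer bounds how long a stale allow rule can outlive its lease.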
