Firewall Wizards mailing list archives
Re: Protecting publicly reacheable servers (e.g. HTTP)?
From: Adam Shostack <adam () homeport org>
Date: Mon, 26 Nov 2001 11:54:53 -0500
On Sun, Nov 25, 2001 at 10:52:44PM -0500, Marcus J. Ranum wrote: | ark () eltex ru wrote: | >I am still trying to figure out how to prevent data-driven attacks | >on proxy level. | | I don't think it can be done. The only chance is to be super | restrictive in what you accept - to the point of accepting | nothing. If you do that, you generally defeat your objectives | if you're trying to actually exchange information with | someone. :( That you can't succeed is no reason not to try. :) You just have to be clever about what you try, and acknowledge that it will have limitations. In this vein, I think stackguard is a useful tool, as are RATS and ITS4. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Protecting publicly reacheable servers (e.g. HTTP)? Patrick M. Hausen (Nov 23)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? ark (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Emmanuel Adeline (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Marcus J. Ranum (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Adam Shostack (Nov 26)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Stephen P. Berry (Nov 27)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? ark (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Predrag Zivic (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Frederick M Avolio (Nov 25)
- RE: Protecting publicly reacheable servers (e.g. HTTP)? Jason Lewis (Nov 27)
- <Possible follow-ups>
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Steven M. Bellovin (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Yehavi Bourvine +972-2-6585684 (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Stephane Nasdrovisky (Nov 25)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? ark (Nov 26)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? TDyson (Nov 26)
- Re: Protecting publicly reacheable servers (e.g. HTTP)? Steven M. Bellovin (Nov 26)