Firewall Wizards mailing list archives
Re: A fun smackdown...
From: Chuck Swiger <chuck () codefab com>
Date: Thu, 19 May 2005 18:58:57 -0400
On May 19, 2005, at 6:40 PM, Paul D. Robertson wrote:
A firewall with allow-all is simply a router.
You'd be surprised at the number of "Yes we have a firewall!"'s I've seen with an allow all...
Look on the bright side, they have a lot of unused capability where they could improve their security, if only someone showed them how to use it.
Sounds like a happy consulting opportunity. :-)
I suspect that using greylisting, honeytraps, teergrubes, and similar techniques can do a lot to help slow down the spread rates of malware and spam. That's one way of making an "allow all" rule less risky than the "deny all" rule might be. Of course, you have to make sure your honeytrap software is up to the task, which is not as easy as it might seem.
I still don't see that as less risky.
Is it easier to defend against a known attack than against an unknown one?
Has anyone else tried setting up several honeytraps across their address space? Have you noticed a difference in connection rates between IP addresses at the far ends of your IP range, compared with honeytrap IP's in the middle?
I haven't, but I know a lot of worms generate addresses to try to infect with non-random algorithms. Most people I know who do that sort of thing tend to grab the first bit of traffic, talking enough of whatever protocol it is to characterize it and tally it up. I'd bet the breakdown by protocol and malcode instance would be interesting, but it's a heck of a lot of work to keep it updated.
Computers are good at logging and keeping track of the statistics. The problem is understanding what all of the noise means and presenting it to the user in a fashion which helps them make decisions.
--
-Chuck
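The comparison asked about in the message above (connection rates at honeytraps near the ends of an address range versus the middle, broken down by port) can be tallied as below. This is an added example, not part of the original post; the log format, the addresses, and the names `position_bucket` and `tally` are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log: "epoch src dst dst_port" (documentation address ranges).
SAMPLE_LOG = """\
1116543600 198.51.100.7 192.0.2.1 445
1116543601 198.51.100.7 192.0.2.2 445
1116543650 203.0.113.9 192.0.2.1 25
1116543651 203.0.113.9 192.0.2.128 25
1116543700 198.51.100.20 192.0.2.254 445
1116543701 198.51.100.20 192.0.2.1 135
truncated line
1116543800 198.51.100.21 192.0.2.77 80
"""
NETWORK = "192.0.2.0/24"  # assumed monitored block
TRAPS = {"192.0.2.1", "192.0.2.2", "192.0.2.128", "192.0.2.254"}  # assumed honeytrap IPs


def position_bucket(addr, network):
    """Return which third of the block an address falls in, or None if outside it."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return None
    offset = int(ip) - int(net.network_address)
    return ("low", "middle", "high")[offset * 3 // net.num_addresses]


def tally(log_text, network, traps):
    """Return (connections per honeytrap address by bucket, counts by (bucket, port))."""
    hits, by_port = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records instead of aborting the run
        dst, port = fields[2], int(fields[3])
        if dst not in traps:
            continue  # traffic to production hosts is not honeytrap data
        bucket = position_bucket(dst, network)
        if bucket is None:
            continue
        hits[bucket] += 1
        by_port[(bucket, port)] += 1
    # Normalise by trap count so a bucket with more traps does not look busier.
    per_bucket = Counter(b for b in (position_bucket(t, network) for t in traps) if b)
    rates = {b: hits[b] / n for b, n in per_bucket.items()}
    return rates, by_port


if __name__ == "__main__":
    rates, by_port = tally(SAMPLE_LOG, NETWORK, TRAPS)
    print(rates)
    print(by_port.most_common())
```

Dividing by the number of traps in each bucket keeps the per-address rates comparable when the honeytraps are not spread evenly across the range.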