RE: Active response... some thoughts.

["mb_lima" <mb_lima () uol com br>]

I think that the network infrastrucure can result in TCP
retransmissions in the handshake phase increasing delay in
connections establishment. TCP resets work fine in this case.
I saw many colisions my router because it had a 2Mb Interface
with Internet and 100Mb interfaces with internal network.
Regards,

   Marcelo.

> Why not? Packets travel quickly even on small pipes...
> If a block takes 3 seconds to implement, how many packets
> will have gone by, even on a small link? It has been a
> long time since I saw a link that couldn't handle enough
> packets per second to get a nasty backdoor loaded in less
> than 3 seconds..
>
> toby
>
> > -----Original Message-----
> > From: mb_lima [mailto:mb_lima () uol com br]
> > Sent: Tuesday, January 28, 2003 8:39 AM
> > To: FGarbrecht () ecogchair org
> > Cc: Kohlenberg, Toby; RLos () enteredge com; detmar.liesen@ld
s.nrw.de;
> > abegetchell () qx net; focus-ids () securityfocus com
> > Subject: RE: Active response... some thoughts.
> >
> >
> >
> >  Toby,
> >
> > > Actually, TCP resets don't work in many cases-
> >  for instance any
> > > situation where you have a single packet exploit (say th
e Sa
> > phire
> > > worm that just ran through the Net)... This is the same
prob
> > lem
> > > that router/firewall reconfiguration has-
> >  by the time the response
> > > happens, the compromise is done.
> >
> >   I agree with you, but I think that in low bandiwith link
s
> > this is not a problem.
> >
> >    Marcelo.
> >
> >
> > ---
> > UOL, o melhor da Internet
> > http://www.uol.com.br/


---
UOL, o melhor da Internet
http://www.uol.com.br/