funsec mailing list archives
Re: so, is I[dp]S a STUPID technology?
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Oct 2005 16:05:13 -0500
--On Wednesday, October 12, 2005 16:59:03 -0400 Valdis.Kletnieks () vt edu wrote:
It's called peace of mind. If it doesn't get through, it's one less thing to worry about.I'm sorry to heard that you're so bandwidth constrained that you were willing to pay for a TippingCow to save the 2/3 of unsuccessful attacks that it blocked.
Do you actually ever have to clean anything up? Seriously. Just following up on one hacked box can eat up and entire day what with all the paperwork, documentation, forensics, etc., etc. I know you guys are good down there at vt, but I didn't know you were *that* good.Unless you can point at enough "would otherwise have whacked a box" attacks that the TippingCow actually stopped that the cost of the Cow is less than the cost of cleaning up the blocked would-have-worked attacks, it's not buying you anything.
And most of the time, the "would have worked" attacks are against some box that for some reason (covered well by Paul in another note) haven't been patched. Of course, most of *those* can be protected by a otherwised-surplus Dell GX110 running some linux-firewall-on-a-CD that only lets packets from approved sources in.
How? It's not like I know that Johnny is just about to plug in his brand-spanking new Suse box on my network. I'm intrigued. Tell me more.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: so, is I[dp]S a STUPID technology?, (continued)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Eduardo Tongson (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Aditya Deshmukh (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Aditya Deshmukh (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Barrie Dempster (Oct 13)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 13)
- RE: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 13)
- lalala [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)
- Re: lalala [was: Re: so, is I[dp]S a STUPID technology?] Valdis . Kletnieks (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- IPS as anti ddos???? [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)