funsec mailing list archives

Re: so, is I[dp]S a STUPID technology?


From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Oct 2005 16:05:13 -0500

--On Wednesday, October 12, 2005 16:59:03 -0400 Valdis.Kletnieks () vt edu wrote:

I'm sorry to hear that you're so bandwidth constrained that you were
willing to pay for a TippingCow to save the 2/3 of unsuccessful attacks
that it blocked.

It's called peace of mind. If it doesn't get through, it's one less thing to worry about.

Unless you can point at enough "would otherwise have whacked a box"
attacks that the TippingCow actually stopped that the cost of the Cow is
less than the cost of cleaning up the blocked would-have-worked attacks,
it's not buying you anything.

Do you actually ever have to clean anything up? Seriously. Just following up on one hacked box can eat up an entire day what with all the paperwork, documentation, forensics, etc., etc. I know you guys are good down there at vt, but I didn't know you were *that* good.

And most of the time, the "would have worked" attacks are against some
box that for some reason (covered well by Paul in another note) hasn't
been patched.  Of course, most of *those* can be protected by an
otherwise-surplus Dell GX110 running some linux-firewall-on-a-CD that
only lets packets from approved sources in.

How? It's not like I know that Johnny is just about to plug in his brand-spanking new Suse box on my network. I'm intrigued. Tell me more.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

