[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FW: Redirecting closed port connections

To: William.Stackpole@predictive.com, mouss <usebsd@free.fr>
Subject: RE: FW: Redirecting closed port connections
From: mouss <usebsd@free.fr>
Date: Fri, 12 May 2000 02:57:29 +0200
Cc: Firewalls@Lists.GNAC.NET

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

right, but you can still check wh's doing what and try to find them without
"telling them". I mean, just block the port and log the attempts.
the problem with the approach of trying to keep them connected to have more
time
to discover them is that nothing guarantees you'll trace them, and you have
to
check and recheck the code to make sure there is no hole in it.
similar stuff has been discussed by cheswick&co in "builing internet
firewalls" I think.
there they talk about the risks they've taking trying to get the attacker
(nd they also
talk about risks that may be created by the use of safe-finger stuff....).



-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: RE: SSL certificate signing.
Next by Date: Re: FW: Redirecting closed port connections
Prev by thread: RE: FW: Redirecting closed port connections
Next by thread: Re: FW: Redirecting closed port connections
Index(es):
- Date
- Thread