
RE: FW: Redirecting closed port connections





Your point is well taken; unfortunately, to prosecute someone you really
need them to actually access a system that they are not authorized to.
Attempting to access a system isn't sufficient for prosecution.

 

--Bill Stackpole, CISSP

"mouss" <usebsd@free.fr>
05/12/2000 02:57 AM ZE2

To: <William.Stackpole@predictive.com>, "mouss" <usebsd@free.fr>
cc: <Firewalls@Lists.GNAC.NET>
bcc:
Subject: RE: FW: Redirecting closed port connections


right, but you can still check who's doing what and try to find them
without "telling them". I mean, just block the port and log the attempts.
the problem with the approach of trying to keep them connected to have
more time to discover them is that nothing guarantees you'll trace them,
and you have to check and recheck the code to make sure there is no hole
in it.
similar stuff has been discussed by cheswick&co in "building internet
firewalls" I think.
there they talk about the risks they've taken trying to get the attacker
(and they also talk about risks that may be created by the use of
safe-finger stuff....).

