gabriel rosenkoetter on Tue, 6 Mar 2001 17:00:13 -0500



Re: [PLUG] portmap and other things


On Tue, Mar 06, 2001 at 04:34:26PM -0500, MaD dUCK wrote:
> ooooooh. nice. is this black-holing permanent or only for like 3 hours
> or configurable or what?

The last, if memory serves.

I think it's a Grade A1 Bad Idea in all cases; I'd rather not have
an interested party know I know about them till I can turn it around
on them by way of complete logs, a system they couldn't crack
anyhow, and a carefully placed phone call to their upstream
provider.

But I'm a haughty asshole.

;^>

Seriously, blackholing is useful neither as a security measure (for
all but the most lazy attackers; those who really want in will still
get there), nor as an intrusion detection system (as it actually
HIDES information about your attacker from you), and it can be turned
around and used as a DoS by even the most monosyllabic of script
kiddies (ever tried nmap's -D flag? really not hard to block a
portsentry'ed machine out of, say, www.yahoo.com).

       ~ g r @ eclipsed.net


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
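
The lock-out described in the message above, as an added example that is not part of the original post: a constructed probe log is run through a block-on-first-probe policy and through a more cautious one. The addresses, the allowlist, and the "handshake completed" field are assumptions made for the illustration, not portsentry's actual configuration or log format.

```python
"""Constructed simulation: source-address-triggered blackholing fed forged sources."""
import ipaddress

# Constructed probe log: (claimed source IP, destination port, handshake completed?)
# 198.51.100.7 stands in for the real scanner; 203.0.113.10 stands in for a site
# the host depends on and appears only as a forged source. Both are
# documentation-range addresses.
PROBES = [
    ("198.51.100.7", 111, False),
    ("203.0.113.10", 111, False),
    ("203.0.113.10", 23, False),
    ("198.51.100.7", 23, True),
]

# Assumed allowlist of networks that must never be blackholed automatically.
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.0/24")]


def naive_blackhole(probes):
    """Block every claimed source that touches a monitored port."""
    return {src for src, _port, _established in probes}


def guarded_blackhole(probes, never_block=NEVER_BLOCK):
    """Block only sources that completed a TCP handshake (so the address was not
    simply forged on a single packet) and are not allowlisted; everything else
    is kept as a log entry for a human to review."""
    blocked, logged = set(), []
    for src, port, established in probes:
        addr = ipaddress.ip_address(src)
        if not established or any(addr in net for net in never_block):
            logged.append((src, port))
        else:
            blocked.add(src)
    return blocked, logged


if __name__ == "__main__":
    print("naive policy blocks:  ", sorted(naive_blackhole(PROBES)))
    blocked, logged = guarded_blackhole(PROBES)
    print("guarded policy blocks:", sorted(blocked))
    print("logged for review:    ", logged)
```

The naive policy ends up blackholing the depended-on address purely because it appeared as a claimed source, while the guarded policy keeps those probes in the log instead of acting on them.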