| Rich Freeman on 29 Aug 2018 05:24:29 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban... |
On Wed, Aug 29, 2018 at 8:01 AM Rich Kulawiec <rsk@gsp.org> wrote: > > If you don't need it, then all possible outcomes of allowing it are > bad for you and potentially good for attackers The problem is that the outcome of not allowing it is bad for the internet. If we're giving up on securing things at the protocol level and allowing any host to connect to any other host, what is the whole point of doing this Internet thing anyway, other than VPNs being cheaper than dedicated lines? I don't _NEED_ to be reading this email list or attending PLUG meetings, so why am I taking the risk in doing either. For all I know Jonathan might secretly be an axe murderer. :) In the end we try to operate as openly as possible, because we really don't want to concede that we might live in a world where this isn't reasonable. Cybersecurity would be a lot easier if we just made the internet work like the world of physical goods. Your packets are delivered from Germany are delivered to a port of entry, where they're held for inspection for a couple of days and based on some kind of risk profile they're subject to further scrutiny. Also, the commercial value of the packets is ascertained and you pay a 4% duty or whatever to have them delivered. Then a week later your ack packets make it back to the source. Maybe we could agree to make those duty-free. :) This is why banks have to content with hackers using the most sophisticated attacks known to man, but when it comes to physical security their biggest worry is some nut with a gun trying to rob a teller and not robbers equipped with stealth fighters and tanks. On the internet the border runs right up to your TV. -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug