[Dshield] firewall policy recomendations

John Hardin johnh at aproposretail.com
Wed May 29 15:31:06 GMT 2002


On Wed, 2002-05-29 at 07:01, Chad Albert wrote:
> I have also heard the opinion that
> dropping the packets will just make it harder for the attacker to get to the
> host at all.

I argee with that position. Give the attacker as little data as
possible, and what data you do give them should be inaccurate (e.g. set
up a tarpit on the popular services - "Yeah, I'm running IIS - blast
away!").

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  In the Lion
  the Mighty Lion
  the Zebra sleeps tonight...
  Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
 49 days until Apropos Forum 2002




More information about the list mailing list