[unisog] AV for MACS

Matt Crawford crawdad at fnal.gov
Mon Dec 6 21:53:25 GMT 2004


On Dec 6, 2004, at 11:20, Jim Dillon wrote:

> Platform    Total attacks     Attacks/day     Attacks/hour

Pish-tosh.  What I see here is a readout of the IP packet input 
counters.  OSes with an internal IP-layer firewall may block packets 
before they are counted.  Other systems may drop or block them after 
they are counted.  If you have no service listening for a given packet 
(and no teardrop-like vulnerabilities in the IP layer itself) it makes 
no security difference when you drop it.  Since the six test systems 
were just left idle on the internet, "obviously" every packet is an 
attack.

Can we go back to work now?




More information about the unisog mailing list