Firewall Wizards: Re: Reactive Firewalls

Re: Reactive Firewalls

From: John Lines <John.Lines_at_aeat.co.uk>
Date: Thu, 12 Feb 1998 10:28:17 +0000

Darren Reed wrote:
>
> Whilst feedback may help the hacker, if it shuts down and needs to be
> manually rebooted, it also slows down the attack considerably. There's
> also a good chance it will discourage those who are 'trolling' for
> insecure sites/firewalls from making a serious attempt to penetrate
> your firewall.
>
> Personally, I'd prefer a service that fell victim to D.O.S attacks than
> one which could be compromised.
>
> Darren
>
In an ideal world this would be an explicit policy decision, made when the
firewall was installed. This forces the firewall management to decide before
the event which course of action they would prefer.

If this decision is not made explicitly then if a hacker fills up the logs and
the firewall shuts down then the firewall administrator will be held
responsible for the loss of service, and told that he should have arranged
things so that it kept working - after all no one got in and having the
service is more important than having the logs.

Of course if the firewall doesn't shut down, and someone breaks in then the
reverse applies.

        John Lines
Received on Feb 12 1998
