Firewall Wizards: Re: Reactive Firewalls

Re: Reactive Firewalls

From: Chris Brenton <cbrenton_at_sover.net>
Date: Fri, 13 Feb 1998 10:44:34 -0500

Rick Smith wrote:

> At 9:38 AM +1100 2/12/98, Darren Reed wrote:
>
> >Personally, I'd prefer a service that fell victim to D.O.S attacks than
> >one which could be compromised.
>
> Outside of the intelligence agencies, I've found that Internet savvy
> enterprises generally consider denial of service to be as bad or worse a
> "compromise" as anything else a hacker might do. This is certainly becoming
> true in military environments.

I guess it really depends on the situation. For example, if I have a firewall
that is generating logs locally, and that system runs out of disk space, I
would far prefer the firewall to shut down (thus a denial of service) than to
continue to happily pass traffic even though it is no longer able to record
events. IMO, a firewall that no longer records sessions has been "compromised".
A D.O.S. is far preferable.

Cheers,
Chris

--
**************************************
cbrenton_at_sover.net
Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529
Support the anti-spam movement: http://www.cauce.org/
Received on Feb 13 1998
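
The trade-off described in the message above, as an added example that is not part of the original post: a toy session gate that writes a log record before passing traffic, run once fail-closed and once fail-open against a log volume that fills up. The `QuotaLog` and `Gate` classes, the allowed ports, the 64-byte capacity and the sample addresses are all constructed for illustration.

```python
import errno

class QuotaLog:
    """Constructed stand-in for a local log volume with a fixed byte capacity."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.records = []
        self.used = 0

    def write(self, record):
        size = len(record.encode()) + 1          # record plus newline
        if self.used + size > self.capacity:
            raise OSError(errno.ENOSPC, "No space left on device")
        self.records.append(record)
        self.used += size


class Gate:
    """Decides pass/drop per session and must log the decision first."""
    def __init__(self, log, allowed_ports, fail_closed=True):
        self.log = log
        self.allowed_ports = set(allowed_ports)
        self.fail_closed = fail_closed
        self.shut_down = False      # latched; only an operator would clear it
        self.unlogged_passes = 0    # sessions passed with no record written

    def handle(self, src, dst_port):
        if self.shut_down:
            return "drop"
        verdict = "pass" if dst_port in self.allowed_ports else "drop"
        try:
            self.log.write(f"{verdict} {src} -> :{dst_port}")
        except OSError:
            if self.fail_closed:    # cannot record, so stop passing traffic
                self.shut_down = True
                return "drop"
            if verdict == "pass":   # fail-open: traffic flows unrecorded
                self.unlogged_passes += 1
        return verdict


def run(fail_closed, sessions, capacity=64):
    gate = Gate(QuotaLog(capacity), allowed_ports={25, 80}, fail_closed=fail_closed)
    verdicts = [gate.handle(src, port) for src, port in sessions]
    return verdicts, len(gate.log.records), gate.unlogged_passes


# Constructed sample traffic (documentation address range).
SESSIONS = [("192.0.2.%d" % i, 80) for i in range(1, 7)]
```

With this input the log holds two records before it is full: the fail-closed run drops the remaining four sessions, while the fail-open run passes all six and leaves four of them with no record.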