Devon & Cornwall Linux Users' Group


When to blacklist source IP was: Re: [LUG] Snort



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Still wrote:
> 
> The other thing that NIDS (possibly including snort) can do is actively
> respond to attacks - e.g. insert firewall rules to block the attackers'
> source address.  This is generally regarded as a Bad Idea(tm) as it's the
> quickest way to DoS yourself, thanks to the joys of IP spoofing.

Hehe, which is why I only block when they complete the TCP handshake to any of the well-known ports (except 25, which is very welcoming and full of nice warm tar).

This can still DoS you, as ipchains seems to cause kernel issues (on this box at least) if you have too many rules, or add too many rules, although since the last lot of upgrading this no longer causes a kernel crash, just the ISDN to seize up (but even that is rare).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+ORIvGFXfHI9FVgYRApJgAJwNn+Cs+TMbH5036Pd0tz4mIfVyLwCgkK0G
7DsbFWwOQm7FtRYybYGRRLE=
=szuz
-----END PGP SIGNATURE-----
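The policy in the reply above (block a source only once it has completed a TCP three-way handshake to a well-known port, leave port 25 to the tarpit, and keep the number of firewall rules bounded) can be written as a small state tracker. The following is an added example, not code from the original post or from Snort; the packet records, the server and client addresses, the rule budget and the ipchains command it emits are constructed assumptions. The point it makes is the one the thread raises: a bare SYN can carry a spoofed source, but the final ACK must echo the server's initial sequence number plus one, which a blind spoofer cannot know, so only a completed handshake is trusted as evidence of the real source address.

```python
"""Block a source address only after it completes a TCP three-way handshake
to a well-known port.  Added example, not code from the original post.
Packet records, the rule budget and the firewall command are constructed
assumptions standing in for what a NIDS would see and emit."""
from dataclasses import dataclass, field

WELL_KNOWN_MAX = 1023          # "well known" ports are 0-1023
TARPIT_PORTS = {25}            # SMTP is left to the tarpit, not blocked
DEFAULT_RULE_BUDGET = 3        # assumed cap on active block rules


@dataclass
class HandshakeBlocker:
    rule_budget: int = DEFAULT_RULE_BUDGET
    # half-open: flow key -> client ISN, recorded on the client's SYN
    _syn: dict = field(default_factory=dict)
    # awaiting final ACK: flow key -> server ISN, recorded on a matching SYN-ACK
    _synack: dict = field(default_factory=dict)
    blocked: list = field(default_factory=list)
    over_budget: list = field(default_factory=list)

    @staticmethod
    def _key(pkt, reverse=False):
        """Flow key oriented client -> server, whichever direction pkt travels."""
        if reverse:
            return (pkt["dst"], pkt["src"], pkt["dport"], pkt["sport"])
        return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"])

    def observe(self, pkt):
        flags = frozenset(pkt["flags"])
        if flags == {"S"}:
            # A bare SYN proves nothing: its source address may be spoofed.
            self._syn[self._key(pkt)] = pkt["seq"]
        elif flags == {"S", "A"}:
            key = self._key(pkt, reverse=True)
            if key in self._syn and pkt["ack"] == self._syn[key] + 1:
                self._synack[key] = pkt["seq"]
        elif flags == {"A"}:
            key = self._key(pkt)
            if key in self._synack and pkt["ack"] == self._synack[key] + 1:
                # Only a host that received the server's ISN can send this
                # ACK, so the source address is genuine.
                del self._synack[key]
                self._syn.pop(key, None)
                self._completed(key)

    def _completed(self, key):
        src, _, _, dport = key
        if dport > WELL_KNOWN_MAX or dport in TARPIT_PORTS or src in self.blocked:
            return
        if len(self.blocked) >= self.rule_budget:
            # Piling on ipchains rules hurt the poster's box, so stop
            # adding rules instead of growing the chain without limit.
            self.over_budget.append(src)
            return
        self.blocked.append(src)

    def rules(self):
        # ipchains syntax; the chain name "input" is an assumption.
        return [f"ipchains -A input -s {ip} -j DENY" for ip in self.blocked]


def tcp(src, dst, sport, dport, flags, seq, ack=0):
    """Build one constructed packet record."""
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": set(flags), "seq": seq, "ack": ack}


SERVER = "198.51.100.10"   # assumed monitored host

# Constructed traffic sample covering the cases the policy must separate.
SAMPLE = [
    # spoofed SYN flood against port 22: no handshake ever completes
    *[tcp(f"203.0.113.{i}", SERVER, 40000 + i, 22, "S", 1000 + i) for i in range(5)],
    # a scanner that really connects to port 22
    tcp("192.0.2.7", SERVER, 51000, 22, "S", 5000),
    tcp(SERVER, "192.0.2.7", 22, 51000, "SA", 9000, 5001),
    tcp("192.0.2.7", SERVER, 51000, 22, "A", 5001, 9001),
    # a spoofed final ACK with a guessed (wrong) server ISN is ignored
    tcp("203.0.113.99", SERVER, 42000, 80, "S", 7000),
    tcp(SERVER, "203.0.113.99", 80, 42000, "SA", 123456, 7001),
    tcp("203.0.113.99", SERVER, 42000, 80, "A", 7001, 1),
    # a real connection to SMTP goes to the tarpit, not the block list
    tcp("192.0.2.8", SERVER, 51001, 25, "S", 6000),
    tcp(SERVER, "192.0.2.8", 25, 51001, "SA", 9100, 6001),
    tcp("192.0.2.8", SERVER, 51001, 25, "A", 6001, 9101),
    # a real connection to a high port is outside the well-known range
    tcp("192.0.2.9", SERVER, 51002, 8080, "S", 6100),
    tcp(SERVER, "192.0.2.9", 8080, 51002, "SA", 9200, 6101),
    tcp("192.0.2.9", SERVER, 51002, 8080, "A", 6101, 9201),
]


def run(packets=SAMPLE, rule_budget=DEFAULT_RULE_BUDGET):
    """Feed packets through the tracker and return it for inspection."""
    blocker = HandshakeBlocker(rule_budget=rule_budget)
    for pkt in packets:
        blocker.observe(pkt)
    return blocker


if __name__ == "__main__":
    b = run()
    print("blocked:", b.blocked)
    print("\n".join(b.rules()))
```

Run as-is, only 192.0.2.7 ends up blocked: the five SYN-only sources and the host with a guessed ACK number never complete a handshake, the SMTP client is excluded by the tarpit rule, and the port 8080 client is outside the well-known range. A real deployment would also expire half-open entries so that a SYN flood cannot fill the tracker's tables, which is the same resource problem the reply describes for the rule chain itself.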

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

