[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Learn from history?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] Learn from history?
- From: <full-disclosure@xxxxxxxxxxxx>
- Date: Thu, 6 May 2004 05:38:47 -0700
> There is also SUS which a lot of people have started to and are
> deploying as we speak.
Exactly.
> Work arounds donmt have a place in any sort of open user environment
> they take too much time to deploy and impose to many problems on the
> end user and also need to be undone after the problem is fixed. Way
> way way to much work there.
You're generalizing here. And compared to what? Rebuilding all client/servers
because zeros were written to random sectors on disk?
> What is all this rubbish about. Roughly 15% of all assests attached
> to a networks around the world are unaccounted for!! So how are you
> meant to protect yourself against them. Example - firewall blocking
> all ports, some one comes in with a laptop thats infected and bobs
> your uncle you left scratching your head wondering why your firewall
> didnt work.
If wormX propogates using port Y, block any traffic with source/destination
port Y. It doesn't solve the problem, it slows the spreading. If you
get infected, we don't need to you spread it further. Block the shit
from going outbound. I don't know where you got 15% (especially if they're
"unaccounted for"), but it doesn't matter because that's a policy issue,
not a firewall one.
---
I'm done with this.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html