
RE: [cobalt-users] PortSentry works !



> > Creates a route *from your host* and *to that host* which is
> > immediately rejected, and whose packets get dropped. The
> > point here is that packets may get to your machine, but they
> > won't be able to get back because your server will route them
> > to Hades. Note that this provides "asymmetric" protection,
> > since packets do get to your machine and the cracker *can*
> > crack your machine. Packets won't get back out to him, but
> > if he's good enough to type in commands blind he can still
> > cause damage.
>
> Is this true? Surely if packets don't return from the
> destination there'll be no way of knowing that the socket is
> open and the client will timeout and terminate the connection.

You're assuming someone with no knowledge of your network or services
whatsoever. But what if he's specifically trying an FTP hack on your FTP
server, which you publicize as having? Or what if he's after the
database server that you *don't* publicize, but it's one of your
employees? 80% (or around there) of security breaches are done with
internal information or motivation...

> > He can also DoS you... again, packets come in but don't go
> > out. Not the best way.
>
> True, but flooding your bandwidth will effectively DoS you
> whether you're using ipchains or not.

Yes. But leaving bandwidth aside, we were talking about locking out
undesirables; and he could request connections from sendmail until it
shut down from high load and your "route -reject" would do *nothing* to
protect you. That's what I meant; sorry if I didn't communicate more
clearly.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
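A defender-side check for the asymmetry argued above, added here as an example and not part of the thread: it reads the text of `ip route show` and `iptables -S INPUT` (assumed modern Linux tooling; the Cobalt box in the thread used `route`/ipchains, but the idea is the same) and reports which reject-routed hosts are not also dropped on the way in.

```python
"""Added audit helper: flag hosts that are blocked only by a reject route,
the asymmetric protection the thread describes. Assumes a modern Linux
host with `ip route show` and `iptables -S INPUT` (the thread's Cobalt box
used `route`/ipchains; the check is the same in spirit)."""
import ipaddress
import re

REJECT_TYPES = ("unreachable", "prohibit", "blackhole")  # route add ... reject
DROP_RULE = re.compile(r"^-A INPUT\b.*\s-s\s(\S+).*\s-j\s(DROP|REJECT)\b")

def reject_routed_hosts(ip_route_text):
    """Destinations whose replies are discarded; their packets still arrive."""
    hosts = set()
    for line in ip_route_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in REJECT_TYPES:
            hosts.add(ipaddress.ip_network(parts[1], strict=False))
    return hosts

def inbound_dropped_sources(iptables_text):
    """Source prefixes dropped or rejected on INPUT, i.e. the inbound half."""
    srcs = set()
    for line in iptables_text.splitlines():
        m = DROP_RULE.match(line.strip())
        if m:
            srcs.add(ipaddress.ip_network(m.group(1), strict=False))
    return srcs

def audit(ip_route_text, iptables_text):
    """'symmetric' if inbound is also dropped, else 'asymmetric' (return path only)."""
    dropped = inbound_dropped_sources(iptables_text)
    verdict = {}
    for host in reject_routed_hosts(ip_route_text):
        covered = any(host.subnet_of(n) for n in dropped if n.version == host.version)
        verdict[str(host)] = "symmetric" if covered else "asymmetric"
    return verdict

# Constructed sample output (RFC 5737 addresses), not captured from a real host.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
unreachable 198.51.100.7 scope host
unreachable 203.0.113.0/24
"""
SAMPLE_INPUT_RULES = "-P INPUT ACCEPT\n-A INPUT -s 198.51.100.7/32 -j DROP\n"

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE_ROUTES, SAMPLE_INPUT_RULES).items()):
        print(f"{host}: {state}")
```

Any host reported as "asymmetric" is in exactly the situation the thread describes: its packets still reach your listeners and can still load them, only the replies are lost.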