[funsec] so, is I[dp]S a STUPID technology?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Oct 12 15:59:03 CDT 2005


On Wed, 12 Oct 2005 15:50:35 CDT, Paul Schmehl said:

> >> edge, and I can assure you it's in blocking mode.  It's reduced the
> >> number of attacks we were seeing by over two thirds.
> > "Attacks" or "successful attacks"?

> Attacks.  Successful attacks are very few.

I'm sorry to hear that you're so bandwidth constrained that you were willing
to pay for a TippingCow to save the 2/3 of unsuccessful attacks that it blocked.

Unless you can point at enough "would otherwise have whacked a box" attacks that
the TippingCow actually stopped that the cost of the Cow is less than the cost
of cleaning up the blocked would-have-worked attacks, it's not buying you anything.

And most of the time, the "would have worked" attacks are against some box that for
some reason (covered well by Paul in another note) hasn't been patched.  Of course,
most of *those* can be protected by an otherwise-surplus Dell GX110 running some
linux-firewall-on-a-CD that only lets packets from approved sources in.