Date:      Fri, 10 Dec 1999 00:08:16 +1030
From:      Mark Newton <newton@atdot.dotat.org>
To:        Justin Wells <jread@semiotek.com>
Cc:        "Scott I. Remick" <scott@computeralt.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: What kind of attack is this?
Message-ID:  <19991210000816.A12440@atdot.dotat.org>
In-Reply-To: <19991209082046.A93512@semiotek.com>; from jread@semiotek.com on Thu, Dec 09, 1999 at 08:20:47AM -0500
References:  <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <Pine.LNX.3.95.991208170102.30438R-100000@arden.iss.net> <4.2.2.19991208173403.00be7790@mail.computeralt.com> <19991209082046.A93512@semiotek.com>

On Thu, Dec 09, 1999 at 08:20:47AM -0500, Justin Wells wrote:

 > You know... it sounds like the people who you have to deal with don't 
 > really understand what they're talking about. If I were you I would run 
 > trafshow on the network,

Hmm, I dunno -- in my experience, the best course of action to take when
you're dealing with management who don't really understand what they're
talking about is to run like hell until you find some management who
*does* know what they're talking about.  It isn't that hard, there's
a global skills shortage at the moment, so people who know what they're
doing can probably consider themselves to be in a "target rich
environment". :-)

 > get a list of all the packets that anyone 
 > ever sends, and use that to build a closed firewall that allows 
 > everything people already do. I would put that up, and then I would 
 > say to my boss "Yeah I put up a firewall that allows everything, except
 > the bad stuff", and if anyone EVER notices that anything is blocked, say 
 > "Oh, looks like a bug in the firewall, I'll fix that straight away". 

Politics:  if you call it a bug, dumbass management will eventually
say, "Uh, that firewall has a history of bugs, let's replace it with
an NT box, 'cos that nice guy in a suit says NT doesn't have any 
bugs..."

It's probably better to say that some aspect of the functionality of
whatever failed depended on something that had previously been 
blocked, but you can put in a workaround because the firewall you're
using is so amazingly flexible :-)

Ah, they'll make a consultant out of me yet...

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

