Date: Fri, 10 Dec 1999 00:08:16 +1030
From: Mark Newton
To: Justin Wells
Cc: "Scott I. Remick", freebsd-security@FreeBSD.ORG
Subject: Re: What kind of attack is this?
Message-ID: <19991210000816.A12440@atdot.dotat.org>

On Thu, Dec 09, 1999 at 08:20:47AM -0500, Justin Wells wrote:

> You know... it sounds like the people who you have to deal with don't
> really understand what they're talking about. If I were you I would run
> trafshow on the network,

Hmm, I dunno -- In my experience, the best course of action to take
when you're dealing with management who don't really understand what
they're talking about is to run like hell until you find some
management who *does* know what they're talking about.

It isn't that hard, there's a global skills shortage at the moment, so
people who know what they're doing can probably consider themselves to
be in a "target rich environment". :-)

> get a list of all the packets that anyone
> ever sends, and use that to build a closed firewall that allows
> everything people already do. I would put that up, and then I would
> say to my boss "Yeah I put up a firewall that allows everything, except
> the bad stuff", and if anyone EVER notices that anything is blocked, say
> "Oh, looks like a bug in the firewall, I'll fix that straight away".

Politics: if you call it a bug, dumbass management will eventually say,
"Uh, that firewall has a history of bugs, let's replace it with an NT
box, 'cos that nice guy in a suit says NT doesn't have any bugs..."

It's probably better to say that some aspect of the functionality of
whatever failed depended on something that had previously been blocked,
but you can put in a workaround because the firewall you're using is so
amazingly flexible :-)

Ah, they'll make a consultant out of me yet...

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----