Firewall Wizards mailing list archives

Re: Reactive Firewalls


From: Chris Brenton <cbrenton () sover net>
Date: Fri, 13 Feb 1998 10:44:34 -0500

Rick Smith wrote:

> At 9:38 AM +1100 2/12/98, Darren Reed wrote:
>
>> Personally, I'd prefer a service that fell victim to D.O.S. attacks than
>> one which could be compromised.
>
> Outside of the intelligence agencies, I've found that Internet-savvy
> enterprises generally consider denial of service to be as bad or worse a
> "compromise" as anything else a hacker might do. This is certainly becoming
> true in military environments.

I guess it really depends on the situation. For example, if I have a firewall
that is generating logs locally, and that system runs out of disk space, I
would far prefer the firewall to shut down (thus a denial of service) than to
continue to happily pass traffic even though it is no longer able to record
events. IMO, a firewall that no longer records sessions has been "compromised".
A D.O.S. is far preferable.

Cheers,
Chris
--
**************************************
cbrenton () sover net

Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529

Support the anti-spam movement: http://www.cauce.org/
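The fail-closed behaviour argued for above (a filter that stops passing traffic once it can no longer record sessions) can be made concrete with a small model. The following is an added example, not code from the post or from any product discussed on the list: `AuditLog`, `Firewall`, `Packet` and the sample flows are constructed for illustration, and the only real system call is `shutil.disk_usage`, used in `log_partition_has_room` as the check an operator would actually run against the log partition.

```python
"""Fail-open vs fail-closed packet handling when the audit log fills up.

Added example, not from the mailing-list post. Models a filter whose local
log store runs out of space and compares two policies: keep forwarding
without a record (fail-open) or stop forwarding (fail-closed). All class
names and the traffic below are constructed for illustration.
"""
import shutil
from dataclasses import dataclass, field
from typing import List, Tuple


class LogStoreFull(Exception):
    """Simulated ENOSPC: the audit log can accept no more records."""


@dataclass
class AuditLog:
    """Stand-in for a log partition with a fixed capacity, counted in records."""
    capacity: int
    records: List[str] = field(default_factory=list)

    def write(self, record: str) -> None:
        if len(self.records) >= self.capacity:
            raise LogStoreFull("audit log partition full")
        self.records.append(record)


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


@dataclass
class Firewall:
    """Toy packet filter: allow listed destination ports, record every decision."""
    log: AuditLog
    allowed_ports: Tuple[int, ...] = (80, 443)
    fail_closed: bool = True
    halted: bool = False  # set once a fail-closed filter stops passing traffic

    def handle(self, pkt: Packet) -> str:
        if self.halted:
            return "DROP"
        verdict = "FORWARD" if pkt.dport in self.allowed_ports else "DROP"
        try:
            self.log.write(f"{pkt.src}->{pkt.dst}:{pkt.dport} {verdict}")
        except LogStoreFull:
            if self.fail_closed:
                # Cannot record the session: stop passing traffic rather than
                # forward connections that leave no audit trail.
                self.halted = True
                return "DROP"
            # Fail-open: keep forwarding even though nothing was recorded.
        return verdict


def run_traffic(fail_closed: bool, log_capacity: int = 3, n_packets: int = 6) -> dict:
    """Push constructed traffic through a filter whose log fills after
    `log_capacity` records; report how many packets were forwarded with
    and without a matching log record."""
    fw = Firewall(AuditLog(capacity=log_capacity), fail_closed=fail_closed)
    forwarded_logged = forwarded_unlogged = 0
    for i in range(n_packets):
        pkt = Packet(f"10.0.0.{i + 1}", "192.0.2.10", 443)  # constructed sample flow
        before = len(fw.log.records)
        if fw.handle(pkt) == "FORWARD":
            if len(fw.log.records) > before:
                forwarded_logged += 1
            else:
                forwarded_unlogged += 1
    return {
        "forwarded_logged": forwarded_logged,
        "forwarded_unlogged": forwarded_unlogged,
        "halted": fw.halted,
    }


def log_partition_has_room(path: str, min_free_bytes: int) -> bool:
    """Operational check for a real host: True while the filesystem holding
    `path` (the log directory) still has at least `min_free_bytes` free."""
    return shutil.disk_usage(path).free >= min_free_bytes


if __name__ == "__main__":
    print("fail-open  :", run_traffic(fail_closed=False))
    print("fail-closed:", run_traffic(fail_closed=True))
```

With a three-record log and six packets, the fail-open filter forwards three flows that appear nowhere in the log, while the fail-closed filter forwards the three recorded flows and then halts. A monitoring job that polls `log_partition_has_room` ahead of time lets an operator raise an alarm before the filter is forced into either state.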