Firewall Wizards mailing list archives
Re: Reactive Firewalls
From: Chris Brenton <cbrenton () sover net>
Date: Fri, 13 Feb 1998 10:44:34 -0500
Rick Smith wrote:
> At 9:38 AM +1100 2/12/98, Darren Reed wrote:
>> Personally, I'd prefer a service that fell victim to D.O.S attacks than one which could be compromised.
>
> Outside of the intelligence agencies, I've found that Internet savvy enterprises generally consider denial of service to be as bad or worse a "compromise" as anything else a hacker might do. This is certainly becoming true in military environments.

I guess it really depends on the situation. For example, if I have a firewall that is generating logs locally, and that system runs out of disk space, I would far prefer the firewall to shut down (thus a denial of service) than to continue to happily pass traffic even though it is no longer able to record events.

IMO, a firewall that no longer records sessions has been "compromised". A D.O.S. is far preferable.

Cheers,
Chris
--
**************************************
cbrenton () sover net
Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529
Support the anti-spam movement: http://www.cauce.org/