Re: so, is I[dp]S a STUPID technology?

[Valdis.Kletnieks () vt edu]

On Wed, 12 Oct 2005 15:50:35 CDT, Paul Schmehl said:

> > > edge,  and I can assure you it's in blocking mode.  It's reduced the
> > > number of  attacks we were seeing by over two thirds.
> > "Attacks" or "successful attacks"?

> Attacks.  Successful attacks are very few.

I'm sorry to heard that you're so bandwidth constrained that you were willing
to pay for a TippingCow to save the 2/3 of unsuccessful attacks that it blocked.

Unless you can point at enough "would otherwise have whacked a box" attacks that
the TippingCow actually stopped that the cost of the Cow is less than the cost
of cleaning up the blocked would-have-worked attacks, it's not buying you anything.

And most of the time, the "would have worked" attacks are against some box that for
some reason (covered well by Paul in another note) haven't been patched.  Of course,
most of *those* can be protected by a otherwised-surplus Dell GX110 running some
linux-firewall-on-a-CD that only lets packets from approved sources in.

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.