[conspire] Re: Perimeter vs. host-edge security (wqs: MIMO wireless cards cheap at Fry's)

Rick Moen rick at linuxmafia.com
Tue Dec 13 06:05:47 PST 2005

Typo patrol:

>                     wired                      wired and wireless
>                  IP network                        IP network
>  - - - - - - ---------------------------  ------------------------------
>  |           |              |          |  |        |            |      |
> RBC     linuxmafia.com  deirdre.net   Airport    Cheryl's PC   Rick   guest
> router                          ^^^   (DNAT)                 laptop    PC

                          Actually, deirdre.ORG.  Deirdre has deirdre.net 
                          hosted elsewhere.

In my recent follow-up message:

> There are also two distinct types of tarpitting ("teergrubing") sometimes
> implemented in SMTP servers.  The truly nasty variety is the one where,
> when your MTA determines that sender is a malware bot or something else
> whose time it wishes to chew up, the MTA keeps the delivering remove
> machine's socket open for as long as possible, by sending continuation
> SMTP messages -- essentially, saying to it "Are you still there?  Please
> keep holding."

Also, just to clarify:

> We _do_ have a few monitoring and detection tricks deployed that we
> don't talk about much, but those are the only exceptions.

What I'm mostly talking about are "canaries" of various sorts, e.g., IDS
mechanisms and system/network analysis.

One of the principles of network design is "defence in depth".
Unfortunately, many -- maybe even most -- people misinterpret this
dictum as meaning "add more layers", which is not in itself necessarily 
a good thing at all, and is often outright harmful.

For an example of how people shoot themselves in the foot with
gadget-freak security software, please see:  "Portsentry Considered
Harmful" on http://linuxmafia.com/kb/Security
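The "keep holding" tarpit mechanism quoted above, as an added example that is not code from the original post or from any of the MTAs it mentions: a simulated MAIL FROM handler that stalls a sender with a slow RFC 5321 multi-line reply ("450-text" continuation lines, then one final "450 text"), plus the client-side read loop that shows why the sender cannot proceed until the last line arrives. The socket, the bot classifier and the delay values are all constructed stand-ins, and pauses are recorded rather than slept so it runs offline.

```python
# Added example (not from the original post): simulated SMTP tarpit
# ("teergrube"). Per RFC 5321 s.4.2.1 a multi-line reply consists of
# "CODE-text" continuation lines ending with one "CODE text" line, and a
# conforming client must keep reading until that final line, so each delayed
# continuation line keeps the sender's socket and delivery thread tied up.
import time


class RecordingSocket:
    """Constructed stand-in for a connected socket: records lines and pauses."""
    def __init__(self, really_sleep=False):
        self.lines, self.pauses, self.really_sleep = [], [], really_sleep

    def send_line(self, line, pause=0.0):
        self.pauses.append(pause)
        if self.really_sleep and pause:
            time.sleep(pause)          # a real MTA would actually stall here
        self.lines.append(line + "\r\n")


def tarpit_reply(sock, code, text, continuations, pause, max_continuations=100):
    """Emit `continuations` lines of 'CODE-text', each after `pause` seconds,
    then the final 'CODE text'. Capped, because every stalled connection also
    costs the tarpitting server its own socket and worker. Returns the total
    number of seconds the sender is kept waiting."""
    n = min(continuations, max_continuations)
    for _ in range(n):
        sock.send_line(f"{code}-{text}", pause)
    sock.send_line(f"{code} {text}", pause)
    return pause * (n + 1)


def handle_mail_from(sock, sender, looks_like_bot):
    """MAIL FROM handler: flagged senders get the 4xx tarpit, others a prompt 250.
    `looks_like_bot` is an assumed classifier supplied by the caller."""
    if looks_like_bot(sender):
        return tarpit_reply(sock, 450, "Please keep holding", continuations=5, pause=10.0)
    sock.send_line("250 OK")
    return 0.0


def read_reply(lines):
    """Conforming client read loop: consume lines until the reply code is
    followed by a space. Returns (code, lines_consumed), or None if the reply
    is still incomplete (in reality the client simply blocks on the socket)."""
    for count, line in enumerate(lines, 1):
        if len(line) > 3 and line[3] == " ":
            return int(line[:3]), count
    return None
```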

