[conspire] Re: Perimeter vs. host-edge security (wqs: MIMO wireless cards cheap at Fry's)
rick at linuxmafia.com
Tue Dec 13 06:05:47 PST 2005
> wired wired and wireless
> IP network IP network
> 126.96.36.199/29 10.0.1.0/24
> - - - - - - --------------------------- ------------------------------
> | | | | | | | |
> RBC linuxmafia.com deirdre.net Airport Cheryl's PC Rick guest
> router ^^^ (DNAT) laptop PC
Actually, deirdre.ORG. Deirdre has deirdre.net.
In my recent follow-up message:
> There are also two distinct types of tarpitting ("teergrubing") sometimes
> implemented in SMTP servers. The truly nasty variety is the one where,
> when your MTA determines that the sender is a malware bot or something else
> whose time it wishes to chew up, the MTA keeps the delivering remote
> machine's socket open for as long as possible, by sending continuation
> SMTP messages -- essentially, saying to it "Are you still there? Please
> keep holding."
Also, just to clarify:
> We _do_ have a few monitoring and detection tricks deployed that we
> don't talk about much, but those are the only exceptions.
What I'm mostly talking about are "canaries" of various sorts, e.g., IDS
mechanisms and system/network analysis.
One of the principles of network design is "defence in depth".
Unfortunately, many -- maybe even most -- people misinterpret this
dictum as meaning "add more layers", which is not in itself necessarily
a good thing at all, and is often outright harmful.
For an example of how people shoot themselves in the foot with
gadget-freak security software, please see: "Portsentry Considered
Harmful" on http://linuxmafia.com/kb/Security
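As an added example (not from Rick's message or anything on the conspire list), here is how the "please keep holding" tarpit described above maps onto SMTP's multi-line reply syntax: every line but the last is "CODE-text", so a server can pad its 220 greeting with slow continuation lines and the client must wait for the final "CODE text" line. The hostname, hold text, delay, and which clients get tarpitted are assumptions for the example.

```python
"""SMTP tarpit ("teergrube") sketch: stretch one reply over many slow lines."""
import asyncio
import re

HOSTNAME = "mx.example.invalid"   # placeholder hostname, assumed for the example
HOLD_TEXT = "please hold, checking sender"

def smtp_reply_lines(code: int, texts: list[str]) -> list[str]:
    """Render an RFC 5321 multi-line reply: hyphen on all but the final line."""
    if not texts:
        raise ValueError("a reply needs at least one line of text")
    return [f"{code}-{t}" for t in texts[:-1]] + [f"{code} {texts[-1]}"]

def tarpit_greeting(hold_lines: int) -> list[str]:
    """220 greeting padded with hold_lines continuation lines before the last one.

    A client that honours the protocol cannot send HELO/EHLO until it has
    seen the final "220 " line, so every padding line costs it more time.
    """
    texts = [f"{HOSTNAME} ESMTP"] + [HOLD_TEXT] * hold_lines + [f"{HOSTNAME} ready"]
    return smtp_reply_lines(220, texts)

def is_well_formed_reply(lines: list[str]) -> bool:
    """True if lines share one reply code and only the last lacks the hyphen."""
    if not lines:
        return False
    one_code = len({ln[:3] for ln in lines}) == 1
    body_ok = all(re.fullmatch(r"\d{3}-.*", ln) for ln in lines[:-1])
    last_ok = re.fullmatch(r"\d{3} .*", lines[-1]) is not None
    return one_code and body_ok and last_ok

async def tarpit_session(writer: asyncio.StreamWriter,
                         hold_lines: int = 20, delay: float = 5.0) -> None:
    """Drip the padded greeting to an already-flagged client, one line per delay.

    Deciding *which* connections deserve this (blocklists, reputation, etc.)
    is the MTA's job and is outside this example.
    """
    for line in tarpit_greeting(hold_lines):
        writer.write((line + "\r\n").encode("ascii"))
        await writer.drain()
        await asyncio.sleep(delay)
    writer.close()
    await writer.wait_closed()

if __name__ == "__main__":
    # Dry run: show the wire lines for a greeting padded with three hold lines.
    for wire_line in tarpit_greeting(3):
        print(wire_line)
```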