Open Source and information security mailing list archives
Date: Sun Aug 28 01:35:39 2005
From: jasonc at science.org (Jason Coombs)
Subject: RE: Example firewall script

The problem with knowing a thing or two about a thing or two is that you're constantly arguing with other people who know nothing about things that nobody else can possibly understand, and that nobody will be forced to learn about or consider carefully until it's too late for the knowledge to save them from harm.

This is yet another reason that full disclosure is crucial to everyone's readiness and to our ability to defend ourselves... Discussion and analysis of complex subjects, with real-world study and disclosure of failures and mistakes, prepares us to understand new risks and classify new threats according to actual significance in our situations.

So, thank you both for sharing your debate and thereby calling attention to an area of uncertainty in practice, but if you're going to argue about definitions of routing tables vs. ACLs, why not do it in a way that mere mortals are able to understand some day in the future when they find your debate archived somewhere because their Cisco router's ACL ruleset failed to consider the fact that they had routes and multihomed interfaces configured dynamically by an attacker who knew better than the victim just how ACLs are parsed and precisely what the difference is between a good ACL and a bad one -- or where an attacker knew there was another interface physically attached to the Cisco device where a small wireless access point could be attached, which WAP would automatically assign the Cisco device another endpoint address in the WAP's address space.

Fuck off doesn't add to the substance of the technical arguments, and even trying to understand why you are debating at all there does not appear to be any reason -- other than that you are both feeling stressed because the stock market keeps falling and you're counting on Wall Street to make you wealthier than your hard-working but lesser-compensated friends and neighbors.

Don't worry, you'll figure out when you're unemployed and broke that all the time you spent being upset about little things distracted you from living life well, and you'll really only regret not having done more to make sure other people had as much opportunity as you did to do good work and document then publish details about the things they found important at the time, and to share your knowledge publicly for the benefit of everyone who comes after you.

Regards,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: "J.A. Terranson" <measl@....org>
Date: Sat, 27 Aug 2005 15:38:11 
To: "ericscher@....com" <ericscher@....com>
Cc: Full-Disclosure <Full-Disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] RE: Example firewall script



For the record,  I just got a phone call from this guy - apparently he's
afraid that because I call bullshit on him in public, I'm also going to
"fill [his] email box with spam and stuff".

Very entertaining.  He even calls back and leaves messages when you hang
up on him!  Of course, while he's willing to call you on your cell phone
to bitch and moan, he's also a pussy: he hides his calling number.

HEY - ERIC!!!

FUCK OFF.


On Sat, 27 Aug 2005, ericscher@....com wrote:

> Date: Sat, 27 Aug 2005 16:27:14 -0400
> From: "ericscher@....com" <ericscher@....com>
> To: measl@....org
> Subject: Re: [Full-disclosure] RE: Example firewall script
>
>
> As does Juniper, as does.....
>
> >> Your Point?
>
>
>
> Uh... No.  Traffic shaping may make use of ACLs, but ACL != Shaping.
>
> >>Sorry, but...
> >>By definition, ACLs are a traffic shaping device.
>
>
>
>
> Bzzzt.  *All* "Autonomous Systems" are multihomed.  That's the definition
> of AS.
>
> >> That's completely wrong. The definition of an "AS" is not that it's
> multihomed, and not all AS's are multihomed.
>
>
>
> Again, wrong.  ACLS are involved, but what you are talking about are
> called ROUTING DECISIONS, and ACLS != Routing Decisions.
>
> >> Sorry, but that's EXACTLY what they are. They are a set of instructions
> by which a routing device DECIDES where to route packets.
>
>
> This is true for *most* ACL implementations, but NOT for all.  Again, you
> are trying to paint the entire world with your only available [Cisco]
> brush, and it is making you look like a self-important fool.
>
> >> Sorry, but... you're wrong again. The very nature of how ACLs work means
> that you move from specific to general.
>
>
> I can probably find a few good ones to recommend - if you will promise to
> read them prior to spewing more of this.
>
> >> Based on your statements so far, I would not be inclined to follow your
> suggestions.
>
>
>
> And still managed to screw up most of what you said.
>
> >> Actually, what I said is entirely correct.
>
>
> That's expected: hot gas expands.
>
> >> You would know.
>
>

-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
