From: niels=netsys at bakker.net (Niels Bakker)
Subject: SQL Slammer - lessons learned

* John.Airey@...b.org.uk [Fri 07 Feb 2003, 11:46 CET]:
[..]
> Which brings me full circle back to stateful inspection. I can see no
> business reason why any organisation would need the outside world to
> initiate sessions to ports other than allowed privileged ports. (I leave the
> definition of allowed privileged ports undefined as it is an issue between
> the ISP and its customers. One or two people have digressed onto this issue)

The concept of UDP having a session worth speaking of that firewalls can
use to distinguish packets belonging to a conversation from packets not
belonging to one is so deeply flawed I won't even get into it.

I'm not sure why this issue keeps getting rehashed.  It's been well
established that a policy of denying all that isn't needed is prudent.
Also, it's been established that it's not up to connectivity providers
to force their ideas of proper filters on everyone.


> - 
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,

Please use a real signature separator; software can then automatically
recognise signatures and skip them when quoting, for example.  Also, I'd
appreciate it if you would upgrade to a real mail user agent that
generated proper In-Reply-To: and References: headers so threading would
work for those who prefer to use it, e.g. me.

I also won't get started on your stupid legal disclaimer - whose only
value is to pinpoint your company's legal team as a bunch of
knuckle-dragging morons.  (So thanks for the heads-up in showing who you
hang out with; it's a valuable aid in determining one's worth.)

Have a Nice Day,


	-- Niels.
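The point about UDP "sessions" above, as an added illustration that is not part of the original post or thread: a toy model of a stateful filter that admits inbound UDP only when it mirrors a recently seen outbound datagram, with everything else denied by default. The timeout, addresses and port numbers are constructed sample values (1434/udp is the port the SQL Slammer worm targeted).

```python
"""Toy stateful UDP filter with a default-deny inbound policy (added example).

UDP has no handshake, so the best a firewall can do is remember the 4-tuple
of an outbound datagram for a while and admit inbound datagrams that mirror
it.  Any inbound datagram with the right 4-tuple is accepted and refreshes
the entry; nothing proves it belongs to the conversation, which is the
weakness the post alludes to.
"""
from dataclasses import dataclass

UDP_STATE_TIMEOUT = 30.0    # seconds; assumed value, real firewalls vary
SQL_RESOLUTION_PORT = 1434  # UDP port used by the SQL Server resolution service

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" (inside -> Internet) or "in"

class UdpStateFilter:
    def __init__(self, timeout=UDP_STATE_TIMEOUT):
        self.timeout = timeout
        self._table = {}  # outbound 4-tuple -> time last seen

    def handle(self, pkt, now):
        """Return 'allow' or 'drop' for a datagram seen at time `now`."""
        # expire pseudo-sessions that have been idle longer than the timeout
        self._table = {k: t for k, t in self._table.items() if now - t <= self.timeout}
        if pkt.direction == "out":
            self._table[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now
            return "allow"
        # inbound: allowed only if it is the mirror image of a remembered outbound flow
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self._table:
            self._table[key] = now  # refresh idle timer
            return "allow"
        return "drop"  # default deny: no session for it to belong to

def demo():
    """Constructed traffic: a DNS query, its reply, an unsolicited probe, a late reply."""
    fw = UdpStateFilter()
    query = Datagram("10.0.0.5", 40000, "192.0.2.53", 53, "out")
    reply = Datagram("192.0.2.53", 53, "10.0.0.5", 40000, "in")
    probe = Datagram("198.51.100.7", 5555, "10.0.0.9", SQL_RESOLUTION_PORT, "in")
    return [fw.handle(query, 0.0), fw.handle(reply, 1.0),
            fw.handle(probe, 2.0), fw.handle(reply, 60.0)]
```

Running `demo()` shows the reply admitted inside the window, the unsolicited probe to 1434/udp dropped, and the same reply dropped again once the entry has expired.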
