lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e92364c30409021612224bdfc6@mail.gmail.com>
From: jftucker at gmail.com (James Tucker)
Subject: Empirical data surrounding guards and firewalls.

On Thu, 2 Sep 2004 17:29:10 -0500 (CDT), evol@...ner.halo.nu
<evol@...ner.halo.nu> wrote:
> > Apologies, please explain the lack of differences, I'm not getting them.
> Of course...
> 
> > Virtual:
> > "The door" - Port 80 - Closed after connection attempt. You come back,
> > it does the same, and then closes again. 404 Error not being
> > dissimilar to being told to get out.
> Firewall let Evol through to conduct web transaction.  Does Mr James
> understand firewall?

Yes, but you were not in breach of protocol.
 
> > Cops show up - As with the firewall, it does not actively stop you
> > from reconnecting. McDonalds staff did not prevent you from
> > re-entering the premesis themselves.
> McDonalds did not allow buisness transaction.

You had already broken protocol.
 
> > Measures in Both:
> > In the event of reconnection attempts the firewall logs would indicate
> > an attack and external policing would have to deal with the problem.
> I think Mr James, you miss the point.

What point?
 
> > As far as I can see it the only difference is scaling, you can make
> > many many millions of requests before a flood warning appears, whereas
> > you only need to refuse to leave a few times before the police are
> > called. I guess humans have less patience than computers.
> >
> > Of course I could be missing something?
> Yes, Firewalls and people are not equivalent.  Information technology has
> no sentience Mr James.

That depends how you define sentience, but yes, humans often exhibit
more, but only where they know to do so. The same is true of a well
designed computer program.
 
> > Oh yeah, I did miss something, you can't "disconnect" someone from
> > being present in the building, as you can with a socket on a server.
> > But with reconnection scaling, is that really relevant? A little,
> > moreso in some circumstances, but not in this one.
> Mr James, some things may easily be described as disconnected.

True, and disconnection from business transaction was equally as rapid
as the rejection of communication after the generation of a 404 error.

> > Did you really go into McDonalds and harrass the staff today and get
> > taken away by the police? Please say yes, that would make my day. ROFL
> > :)
> Yes Mr James.  It seems another lesson that learned may be is, person
> should never listen to PHD's.

HAHA, thank you :D

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ