Hosting Provided By

Re: Active response... some thoughts.

From: Sangram <sangram(at)mahindrabt.com>
Date: Tue Jan 28 2003 - 23:03:23 EST

TCP resets are not useful in the case UPD attacks are used; wether small pipe or not. A different kind of active response may help. I think this can be obtained by implementing the ICMP echo "Port unreachable". This will give an attacker false information on state of UDP ports as the process of UDP scanning also relies on the same principle. What do u think?

Original Message ----- From: Kohlenberg, Toby <toby.kohlenberg@intel.com> To: mb_lima <mb_lima@uol.com.br>; <FGarbrecht@ecogchair.org>

Cc: <RLos@enteredge.com>; <detmar.liesen@lds.nrw.de>; <abegetchell@qx.net>; <focus-ids@securityfocus.com> Sent: Wednesday, January 29, 2003 12:58 AM Subject: RE: Active response... some thoughts.

> Why not? Packets travel quickly even on small pipes...

Disclaimer

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

Visit us at http://www.mahindrabt.com Received on Wed Jan 29 12:53:47 2003

This message: [ Message body ]
Next message: Andrew Plato: "SQLSlammer Worm & IDSs"
Previous message: Steven Richards: "RE: Active response... some thoughts."
In reply to: Kohlenberg, Toby: "RE: Active response... some thoughts."
Next in thread: Rob Shein: "RE: Active response... some thoughts."
Reply: Rob Shein: "RE: Active response... some thoughts."
Reply: mb_lima: "Re: Active response... some thoughts."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:08 EDT