Re: Scan of TCP 552-554
From: Chris Shepherd <chriss(at)whstuart.com>
Date: Fri Aug 01 2003 - 13:41:20 EDT
Quoting Rodrigo Barbosa <rodrigob@suespammers.org>:
Regardless of whether you filter it or not, it has already bypassed your ISP's routers, and is using YOUR bandwidth. The packets are getting to you either way; dropping their packets after they have hit your network doesn't stop them from utilizing your bandwidth, and in fact, that further increases the argument for a simple drop-all approach, since you will, in the event of a portscan, send replies, thus using more of your bandwidth than if you had simply dropped them. You really, in actuality, have little say in the matter. Even if you had a firewall set to drop all traffic, it has to come across your link to get to your firewall in order to be dropped, which is using your bandwidth.

> > A policy of having a live person react to a port scan is a little farther
Do you feel this bug is relevant to this conversation in relation to your setup?

> > nor are portscans. The security risks come into play on the
Yes, and as I said, I don't see how you believe you are being cost any less money; in fact, you would be generating outbound traffic by sending the TCP resets, and therefore replying to said packets. If you host a server on the internet, you cannot prevent anyone from accessing any purposefully enabled and accessible services in any reliable fashion. That is to say, if you have configured a network whereby you have some servers being NATed to across a firewall, you have no sure-fire way of preventing valid/invalid traffic from reaching your hosts, and thus using your bandwidth, short of dropping the appropriate routes at your ISP. Indeed, you will only create more cost for yourself if the situation is as tight as you describe it.

-- 
Chris Shepherd

Received on Fri Aug 1 17:13:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:14 EDT
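As an added illustration of the drop-versus-reset bandwidth point argued above (example code, not from the thread or its authors): it parses constructed iptables-style LOG lines for a SYN probe of TCP 552-554 and tallies the bytes each firewall policy spends, inbound either way and outbound only when RSTs are sent. The log format, the addresses, the 40-byte bare RST size and the three-port scan threshold are assumptions.

```python
import re

# Constructed iptables LOG-target lines (sample data, not from the thread).
# One source sweeps 552-554; a second source touches a single port.
SAMPLE_LOG = """\
Aug  1 13:40:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40001 DPT=552 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  1 13:40:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40002 DPT=553 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  1 13:40:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40003 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  1 13:40:05 gw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51000 DPT=553 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Fields we need from a logged TCP SYN: source, inbound packet length, destination port.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?LEN=(?P<len>\d+) PROTO=TCP .*?DPT=(?P<dpt>\d+) .*\bSYN\b")

# Assumed size of a bare RST reply: 20-byte IPv4 header + 20-byte TCP header, no options.
RST_BYTES = 40


def parse_syns(log_text):
    """Return (src, dst_port, inbound_len) for each logged TCP SYN."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            hits.append((m["src"], int(m["dpt"]), int(m["len"])))
    return hits


def bandwidth_by_policy(hits):
    """Inbound bytes are spent no matter what the firewall does; outbound
    bytes depend on policy: DROP answers nothing, REJECT with tcp-reset
    sends one RST per SYN, so the link carries the probe plus the reply."""
    inbound = sum(length for _, _, length in hits)
    return {
        "DROP": {"in": inbound, "out": 0},
        "REJECT": {"in": inbound, "out": RST_BYTES * len(hits)},
    }


def scanners(hits, min_ports=3):
    """Sources that probed at least min_ports distinct ports: a crude scan detector."""
    ports = {}
    for src, dpt, _ in hits:
        ports.setdefault(src, set()).add(dpt)
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


if __name__ == "__main__":
    syns = parse_syns(SAMPLE_LOG)
    print(bandwidth_by_policy(syns))
    print(scanners(syns))
```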