[nsp-sec] creative lying
Smith, Donald
Donald.Smith at qwest.com
Thu Sep 4 12:22:43 EDT 2008
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: Eli Dart [mailto:dart at es.net]
> Sent: Thursday, September 04, 2008 9:55 AM
> To: Smith, Donald
> Cc: Sean Donelan; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] creative lying
>
> > I don't really care if it is strict mode URPF or an acl that says only
> > forward traffic that originated from the set of "inside" IP addresses
> > drop and log all others.
>
> The trouble with logging that traffic is that in the presence of
> default, all the goo that comes from a laptop when it is woken up in
> the morning after being put to sleep on a residential broadband
> connection ends up in the logs. This is completely benign of course,
> but if the security folks looking at the logs aren't expecting it, they
> will run around in circles for a while trying to figure out why RFC1918
> addresses are trying to get out to espn.com or whatever....
Good point Eli. I think you could force a DHCP dynamic reconfiguration
to any private address that you saw that wasn't in your private or
public address space. But have not seen a tool that does that
automatically.
http://www.rfc-archive.org/getrfc.php?rfc=3203
>
>
> --eli
>
> - --
> Eli Dart                                 Office: (510) 486-5629
> ESnet Network Engineering Group          Fax:    (510) 486-6712
> Lawrence Berkeley National Laboratory
> PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
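Added example, not part of the original thread and not written by either poster: a triage pass over egress-filter drop logs that separates the benign stale RFC1918 sources described above from other out-of-range sources, and lists the (port, MAC) pairs that would be candidates for a DHCP reconfigure per RFC 3203. The log format, the site prefixes and the sample lines are constructed assumptions; the script sends no DHCP messages.

```python
import ipaddress
import re
from collections import Counter

# Assumed site address plan (constructed for this example).
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "10.20.0.0/16")]
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format (constructed): "<time> EGRESS-DROP port=.. mac=.. src=.. dst=.."
LINE_RE = re.compile(
    r"EGRESS-DROP port=(?P<port>\S+) mac=(?P<mac>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")

# Constructed sample lines; addresses come from documentation and private ranges.
SAMPLE_LOG = """\
07:58:01 EGRESS-DROP port=ge-0/0/4 mac=00:00:5e:00:53:01 src=192.168.1.104 dst=203.0.113.80
07:58:02 EGRESS-DROP port=ge-0/0/4 mac=00:00:5e:00:53:01 src=192.168.1.104 dst=203.0.113.25
08:01:10 EGRESS-DROP port=ge-0/0/7 mac=00:00:5e:00:53:03 src=10.20.3.7 dst=203.0.113.80
08:03:44 EGRESS-DROP port=ge-0/0/9 mac=00:00:5e:00:53:02 src=172.16.44.9 dst=203.0.113.80
08:03:45 EGRESS-DROP port=ge-0/0/9 mac=00:00:5e:00:53:02 src=10.99.0.12 dst=203.0.113.80
08:10:00 EGRESS-DROP port=ge-0/0/2 mac=00:00:5e:00:53:04 src=192.0.2.55 dst=203.0.113.80
"""

def classify(src):
    """Label a dropped packet's source address relative to the site plan."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in SITE_PREFIXES):
        return "inside"          # a legitimate source was dropped: check the filter
    if any(ip in net for net in RFC1918):
        return "stale-private"   # private address from outside the site plan
    return "foreign-source"      # not ours and not RFC1918: look at it as possible spoofing

def triage(log_text):
    """Return per-class counts and the (port, mac) pairs holding stale private addresses."""
    counts = Counter()
    renew_candidates = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        kind = classify(m["src"])
        counts[kind] += 1
        if kind == "stale-private":
            renew_candidates.setdefault((m["port"], m["mac"]), set()).add(m["src"])
    return counts, renew_candidates

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```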