chargen is the new DDoS tool?

Rich Kulawiec rsk at gsp.org
Wed Jun 12 10:32:25 UTC 2013


I'm going to bypass the academic vs. non-academic security argument
because I've worked everywhere, and from a security viewpoint, there
is plenty of fail to go around.

On Tue, Jun 11, 2013 at 09:37:04PM -0400, Ricky Beam wrote:
> I run a default deny
> policy... if nothing asked for it, it doesn't get in.

This is a fine thing and good thing.  But as you've expressed it here,
it's incomplete, because of that last clause: "it doesn't get in".
For default-deny to be effective, it has to be bidirectional.

Please don't tell me it can't be done.  I've done it.  Repeatedly.
It's a LOT of work. (Although progress in toolsets keeps making it easier.)
But it's also essential, since your responsibility is not just to defend
your operation from the Internet, but to defend the Internet from your
operation.

---rsk



