-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: mouss [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 12, 2000 1:38 PM
> To: Damian Gerow; [EMAIL PROTECTED]
> Subject: RE: FW: Redirecting closed port connections
>
>
> Damian,
>
> Please do note that the opinion I was defending is not passive at all.
> (yes, [EMAIL PROTECTED] qualified this as passive, but his
> address suggests
> that he works for ESC, a company that sells the product he mentioned;
> and anyway, I wouldn't be proud of a message like his. See
> Ben's reply).
>
>
> I argued that it's no good to waste resources/CPU/time/...,
> it's dangerous
> to allow an attacker to get somewhere even volontarily, ...
> If you feel this is passive, then why not open wide your network,
> and try to catch anyone getting in. Is this active defense?
> so you agree there is a trade-off somewhere? Where to put it
> is the subject
> of this discussion. no method is passive or active.
By "passive", I mean not having an automatic software-based reaction to
the attempt. "active" means doing so. That's all.
I won't quote the rest of your message, as it would seem that you missed
my point slightly. I agree with pretty much everything you say, but my
point is: firewalling reflects its situation. Your firewall won't match
mine, because our situations are a bit different. And aruing one way or
the other will prove nothing.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBORxAuPWPEBDMsfC4EQIIWACePwwUJf9ZBaboMyjYk5C6b1i+KzEAoNjR
7Y5zmCorfDhyQwMM7ojQFnkS
=V+lv
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
