Re: Contribute to pf(4)
On Tue, 16 Jul 2002, Theo de Raadt wrote:
> > It's in essence a sanity check. Wouldn't you think something odd was
> > happening if you're seeing traffic from a supposedly unused or reserved
> > network? It's possible that could be indicative of other issues that
> > should be looked into. Similar to the theory behind network IDS.
>
> Balony. It is an utter waste of time. Don't you guys have something
> better to do?
Balonga or baloney, take your pick.
In essence you're saying blocking possible spoofed traffic is a waste of
time and not an indicator of abnormal network behavior, or am I
misunderstanding you, Theo? That would seem to fly in the face of accepted
network security practices endorsed by just about everyone. It's
considered a good idea to block RFC1918 reserved address space for public
use, but not other unassigned/reserved space according to you?
I'd love to hear what evidence you have to the contrary.
Regards,
--
Joseph