
Re: [cobalt-security] Scan detection



--On Monday, August 12, 2002 09:07:20 -0700 Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx> wrote:

Why is it that after Sun's new "TCP Hardening" patch and the 8+ new services running on my box now, when you go to "Action Against Detected Scans" and select "Log and Block" you get a message saying "if you enable this option you will be open to DOS attacks!"?

Because if someone scans your box using forged source addresses, you will be
blocking the forged addresses, which just might happen to belong to your
customers.  If they forge the IPs to be those of the relatively few AOL proxies,
for example, then the scan could cause you to block everyone from AOL.

Frank

--
Frank Smith                                                fsmith@xxxxxxxxxxx
Systems Administrator                                     Voice: 512-374-4673
Hoover's Online                                             Fax: 512-374-4501
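
The failure mode described in the reply above, as an added example that is not part of the original message or of the Cobalt software: a block-on-detection policy run over constructed events, beside a guarded variant. The event format, the threshold, the documentation-range addresses and the assumption that the appliance blocks every detected source are all hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (source IP, destination port, handshake_completed).
# A bare SYN proves nothing about the sender, so its source address can be forged.
EVENTS = (
    [("198.51.100.7", port, False) for port in range(20, 26)]    # forged: shared proxy
    + [("198.51.100.8", port, False) for port in range(20, 26)]  # forged: shared proxy
    + [("203.0.113.50", port, True) for port in range(20, 26)]   # real scanner, full connects
)

# Hypothetical range standing in for proxies that many customers share.
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]
THRESHOLD = 5  # distinct ports probed before a source counts as scanning


def detect_scanners(events, verified_only=False):
    """Return the sources that probed at least THRESHOLD distinct ports."""
    ports = defaultdict(set)
    for src, port, handshake in events:
        if verified_only and not handshake:
            continue  # unverifiable source address: count nothing against it
        ports[src].add(port)
    return {src for src, seen in ports.items() if len(seen) >= THRESHOLD}


def log_and_block(events):
    """Naive policy (assumed behaviour): block every detected source."""
    return detect_scanners(events)


def collateral(blocked, protected=PROTECTED):
    """Blocked addresses that fall inside ranges customers depend on."""
    return {src for src in blocked
            if any(ipaddress.ip_address(src) in net for net in protected)}


def log_and_block_guarded(events, protected=PROTECTED):
    """Block only handshake-verified sources outside the protected ranges."""
    verified = detect_scanners(events, verified_only=True)
    return verified - collateral(verified, protected)


if __name__ == "__main__":
    for policy in (log_and_block, log_and_block_guarded):
        blocked = policy(EVENTS)
        print(policy.__name__, sorted(blocked), "collateral:", sorted(collateral(blocked)))
```

The naive policy blocks both proxy addresses along with the real scanner; the guarded one still logs every event but blocks only the source that completed connections.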