Brad Huntting says:
> ># Remember, if your security relies on source information, then it's not
> ># security.
>
> > Bullshit. It may not be perfect, but it _is_ security. It limits the
> > class of attackers to those capable of faking IP packets....
>
> Not only that, it limits most kinds of attacks to situations where the
> attacker can see the return traffic for the machine being mimicked.
>
> For example, it's probably pretty hard to fake a source address in a
> TCP connection unless you can see the return packets from the machine
> being attacked.
So what?
It would cost, in rough terms, about $15-$30,000 to mount a concerted
attack on the communications lines going into my firm. If this yielded
the attacker access to our machines, that could possibly permit them
to manage to commit a fraud that would cost us millions of dollars.
This seems like a pretty good cost/return ratio to me.
Myself, I agree with Rens, which isn't surprising, since we both work
for financial institutions with enormous amounts to lose. Unless you
are using cryptography to verify source, security that relies on
source information is way too weak for anyone who has real assets to
protect. It's one thing if we are talking about your home computer on
the internet -- but who cares if they break into your home computer.
> Selecting on source information _is_ useful, and I for one wish cisco
> would support it.
Personally, I'd say it adds a reduction in the number of false alarms
if you are monitoring attacks for seriousness. This might be valuable.
I believe it is self-deceptive to believe this adds to security.
Perry