----------
> From: Alfred Huger <huger @ silence . secnet . com>
> To: manuel . ricca @ pararede . pt
> Cc: Non Receipt Notification Requested <firewalls @ GreatCircle . COM>
> Subject: Re: Milkyway SecurIT - what for?
> Date: Wednesday, October 01, 1997 7:29 PM
>
>
>
> On 24 Sep 1997 manuel . ricca @ pararede . pt wrote:
>
> >
> >
> > Hello everybody,
> > Here is a quotation from Milkyway's insufficiently documented website:
> >
> > "All Ports Accept Communications
> >
> > An effective way to protect a system from unauthorized access is to
> > prevent an intruder from learning anything about the
> > system. As described, port scanning normally provides an intruder with
> > exploitable information about a system. However, if all
> > the would-be intruder learns is that all ports are accepting
> > communications the intruder is no further ahead. There is nothing to
> > distinguish one port from another. No new information is gained."
> >
> > What??? Is this supposed to be an idiot-security-manager-proof measure?
> > At the expense of performance (has to)?
> > Or did I just miss the point here?
>
>
> You missed the point, completely. The reason the Milkyway Firewall keeps
> all its ports listening is to confuse port scanners. When a user performs
> a scan, they find *all* ports listening and therefore have no easily
> definable targets.
>
> It also rings bells for the Firewall Admin so he/she can see he/she is
> being scanned. It's not a panacea, nor is it a poor idea. Honeypots and
> fake services are an important part of any perimeter system IMO. The
> longer you keep a would-be intruder poking the more of a chance you stand
> of noticing the activity.
>
> In fact, we wrote a similar utility at our company just for kicks to
> see what we would get. The service is a fake portmapper which returns
> a number of fake services. Any requests to the portmapper or to the
> services are packet logged. We manage to log 3 or 4 people a week door
> knocking, handy stuff really.
>
> rpcinfo -p silence.secnet.com
>
>
> /*************************************************************************
> Alfred Huger Phone: 403.262.9211
> Secure Networks Inc. Fax: 403.262.9221
> **************************************************************************/
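
The "rings bells for the Firewall Admin" idea from the reply above, as an added example that is not part of the original message and is neither Milkyway's nor Secure Networks' code: decoy TCP listeners that log every connection and raise one alert when a single source touches several distinct ports in a short window. The names `ScanTracker` and `serve_decoys`, the port range 9000-9019 and the threshold of 5 ports in 60 seconds are assumptions chosen for illustration.

```python
import asyncio
import time
from collections import defaultdict


class ScanTracker:
    """Flag a source that hits `threshold` distinct decoy ports within `window` seconds."""

    def __init__(self, threshold=5, window=60.0):
        self.threshold = threshold
        self.window = window
        self.hits = defaultdict(dict)  # source address -> {port: time last seen}
        self.alerted = set()           # sources already reported (one alert each)

    def record(self, src, port, now=None):
        """Record one connection; return True only when this hit triggers a new alert."""
        now = time.time() if now is None else now
        seen = self.hits[src]
        seen[port] = now
        # Forget ports last touched outside the sliding window.
        for old in [p for p, t in seen.items() if now - t > self.window]:
            del seen[old]
        if len(seen) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return True
        return False


async def serve_decoys(ports, tracker, host="127.0.0.1"):
    """Listen on every port in `ports`; log each connection, send nothing, close."""
    async def handle(reader, writer):
        src = writer.get_extra_info("peername")[0]
        port = writer.get_extra_info("sockname")[1]
        print(f"{time.strftime('%H:%M:%S')} connection from {src} to decoy port {port}")
        if tracker.record(src, port):
            print(f"ALERT: {src} touched {tracker.threshold}+ decoy ports, likely port scan")
        writer.close()

    return [await asyncio.start_server(handle, host, p) for p in ports]


async def main():
    tracker = ScanTracker()
    # Assumed unprivileged port range; bound to loopback for a local trial.
    servers = await serve_decoys(range(9000, 9020), tracker)
    await asyncio.gather(*(s.serve_forever() for s in servers))


if __name__ == "__main__":
    asyncio.run(main())
```

A client that repeatedly reaches one port never alerts; only breadth across ports within the window does.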