Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: Advice on Inbound FTPD setup under TIS requested.
From: "Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Date: Wed, 2 Feb 94 08:17 CDT
To: firewalls @ greatcircle . com

Hi,
since we have seen the nice C stubs, we can do anything with it, 
right?

I would add a third (my) strategy: reply nothing and start a process
(just a rough C program) to analyze as fast and precisely as possible
(tracerouting, hopcount variation) where it comes from, what
gateways it uses, and mail it to root. Next morning you have your
collection of insomniacs in your mail, traced down to the origin.
Friendly mail to the domain's contact will clear if it was a masked
address, or it informs the foreign domain contact that somebody
within his area of responsibility is monkeying around.

In case of repetition: mail to CERT.

I would never honor a request with a confirming message like "Hi,
welcome at your point of destination, now try just a little bit
harder" (ICMP unreachable, redirect etc.).

There is, however, a compromise to be made:
TCP connection resets to well known sockets are difficult to
eliminate since some are useful for public contact. Here, I think, only the
pure conservative passive TTDS approach helps: trace, track,
document, snitch.

Mike
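
The tracing step described in the message above (hop count variation and the gateways used, written up for root), sketched as an added example that is not part of the original post. It works on captured `traceroute -n` output; the sample runs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: two "traceroute -n" runs toward one probe source
# (documentation addresses, not real hosts).
PROBE_1 = """\
traceroute to 192.0.2.77 (192.0.2.77), 30 hops max
 1  198.51.100.1  1.2 ms
 2  198.51.100.254  4.8 ms
 3  * * *
 4  203.0.113.9  21.0 ms
 5  192.0.2.77  25.3 ms
"""
PROBE_2 = """\
traceroute to 192.0.2.77 (192.0.2.77), 30 hops max
 1  198.51.100.1  1.1 ms
 2  198.51.100.254  5.0 ms
 3  203.0.113.9  19.7 ms
 4  192.0.2.77  24.9 ms
"""
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")

def parse_hops(text):
    """Return [(hop_number, gateway or None)]; None marks a silent hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), None if m.group(2) == "*" else m.group(2)))
    return hops

def summarize(source, probes):
    """Hop count per run, whether it varied, and every gateway that answered."""
    parsed = [parse_hops(p) for p in probes]
    counts = [hops[-1][0] for hops in parsed if hops]
    gateways = {gw for hops in parsed for _, gw in hops if gw and gw != source}
    return {"source": source, "hop_counts": counts,
            "hop_count_varies": len(set(counts)) > 1, "gateways": sorted(gateways)}

def report(s):
    """Plain-text body for the mail to root; sending is left to the local mailer."""
    return "\n".join([
        f"Probe source: {s['source']}",
        f"Hop counts:   {s['hop_counts']}",
        f"Varies:       {'yes' if s['hop_count_varies'] else 'no'}",
        "Gateways:     " + ", ".join(s["gateways"]),
    ])

if __name__ == "__main__":
    print(report(summarize("192.0.2.77", [PROBE_1, PROBE_2])))
```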

