Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Advice on Inbound FTPD setup under TIS requested.
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Date: Wed, 02 Feb 1994 13:56:52 -0800
To: "Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Cc: firewalls @ greatcircle . com
In-reply-to: Your message of Wed, 2 Feb 94 08:17 CDT

"Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787
 3792)" <NITTMANN @
 UWLAX .
 EDU> writes:

# Hi,
# since we have seen the nice C stubs, we can do anything with it, 
# right?
# 
# I would add a third (my) strategy: reply nothing and start a process
# (just a rough C program) to analyze as fast and precise as possible 
# (tracerouting, hopcount variation) where it comes from, what 
# gateways it uses, and mail it to root. Next morning you have your 
# collection of insomniacs in your mail, traced down to the origin.
# Friendly mail to the domain's contact will clear if it was a masked 
# address, or it informs the foreign domain contact that somebody 
# within his area of responsability is monkeying around.
# 
# In case of repetition: mail to cert.

I would recommend never configuring a program to automatically mail
something to CERT.  Someone at your site _really_ ought to review any
such messages before, perhaps, forwarding them on to CERT.  If lots of
people did what you suggest above, CERT would spend a major amount of
their time fending off incoming email from whatever auto-reporting
system is broken today (just like 2/3 of my email is bounces from
whatever 6 or 10 addresses on the Firewalls mailing list happen to be
broken today).


-Brent
--
Brent Chapman                                   Great Circle Associates
Brent @
 GreatCircle .
 COM                           1057 West Dana Street
+1 415 962 0841                                 Mountain View, CA  94041

Indexed By Date Previous: Re: Dial-up security
From: Adam Shostack <adam @ bwh . harvard . edu>
Next: manufactures codes for ethernet
From: stan @ dot . ca . gov ( )
Indexed By Thread Previous: Re: Advice on Inbound FTPD setup under TIS requested.
From: Shyela Aberman <labsha @ unix . cc . emory . edu>
Next: Re: Advice on Inbound FTPD setup under TIS requested.
From: Shyela Aberman <labsha @ unix . cc . emory . edu>

Google
 
Search Internet Search www.greatcircle.com