On Mon, May 19, 2003 at 11:12:28AM -0700, Wilmot, Fred wrote: > Great comments. Thank you for the input on various packages available > to support a poor man's intrusion detection tool. Unfortunately, I have > a design task to figure out how to use TCP Wrappers to do such a thing, I've always wondered: With TCPwrappers, your system gets into the TCP handshaking; with packet filters, your system does not. Might there be cases where bugs in the TCP/IP implementation make your system vulnerable to DOS or other attacks in the former case, but not the latter? (Back when I first wondered this, (about '96, during the first reported synflood?) I switched from TCPwrappers to packet filters. Never actually checked this out. ;-) -- Ng Pheng Siong <ngpsat_private> _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 19:35:51 PDT