> With all the respect... I think your ideea is a BAD one ! Why ? Well... > It might be verry efective if one to... mhm... 100 persons would aply > this technique. That's because hackers/worms wouldn't mind loosing a few > servers if they got the rest of the world. But if this technique would > became a standard then the worm-industry (if there is such a thing) > would also evolve... making it brute-force the addreses. I admit that > brute-forcing would slow down the worm/hacker/whatever... but this is no > way of looking at the security. This is like protecting a house/store by > putting 15 doors that all could be easily broken... Of course there is a > chance that a thief trying to break in would get bored breaking door > after door... but if he's really determined... Well... I guess I made my > point. I fail to see how adding security that doesn't have a performance or stability cost is ever a bad thing. No one is suggesting that the security community *rely* on this technique for security. It is an additional layer - the classic 'denfense in depth' that we are constantly touting. People keep saying "but it won't stop everything", and that's true. But since when have we turned down a security procedure that is not a silver bullet against all evils? I'd love to make it harder for worms to attack my systems. I'd love for them to take longer to break into the machines down the hall. That means things will spread slower, and we can stop the damage quicker. Why is this bad? > Rebasing might be usefull up to some point. But it contains a "mental" > vulnerability. If one would apply this technique he would probably think > he is safe and neglect updating his security. David has not suggested that this is a solution. And any administrator who has such a "mental" vulnerability probably has several other non-rebasing related vulnerabilities on their servers anyway. They probably think that a firewall stops all attacks, so wouldn't bother rebasing in the first place. This is not a satisfying argument against rebasing. If rebasing causes a problem with performance, stability or the ability to apply security-related patechs, that's a good argument against it for that envoronment. It may even be application-specific, and I have no knowledge of how well you can perform it on Windows boxen. But I don't see any reason that you shouldn't if it can be done right. More layers of security are good... additional layers of security are good... additional layers of security are good... -- Brian Hatch Microbiology Lab: Systems and Staph Only! Security Engineer www.hackinglinuxexposed.com Every message PGP signed
Attachment:
pgp00289.pgp
Description: PGP signature
