On Thu, Oct 16, 2003 at 12:28:01PM -0400, Jason Dixon wrote:
> I believe the OP's concern is that of remote exploit (DoS, script
> kiddies, worms, etc), not of application fraud. He wants to deny at
> layer 3, based on geography.
Yes. And it is a bad idea. My questions were intended to illustrate
that if he could block on geography he will block legitimate
customers.
Another example, which actually came up between when I posted my
previous message and this one: I was looking at overnight logwatch
e-mail and there was a failed ssh login that appeared to be from a
California IP address. Who was trying to break into my machine!?!?
After some wondering it came to me. It was mild mannered, little ol'
ME! In Boston, no less. I had tried an ssh login from my Sprint PCS
("Vision") phone while riding home on the bus--in the Boston area. (I
wasn't interested in logging in, I just wanted to see if sshd was
alive, so I supplied a bogus login.)
I was very much on the east coast and the IP address suggested I was
on the west coast.
Location-based firewalling is not going to work.
If one is interested in security, run a sufficiently secure machine.
And if one is doing automatic transactions be *very* suspicious of
whatever software handles those transactions. Worry especially that
the obscure packages are going to have lots of holes. Be afraid of
CGI scripts, they have mostly not been written with security in mind,
and they have mostly not since been audited for security.
-kb, the Kent who only now would start to trust Squirrelmail, and only
then if keeping it promptly updated with every fix.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
