Why not? Packets travel quickly even on small pipes...
If a block takes 3 seconds to implement, how many packets
will have gone by, even on a small link? It has been a
long time since I saw a link that couldn't handle enough
packets per second to get a nasty backdoor loaded in less
than 3 seconds..

toby

> -----Original Message-----
> From: mb_lima [mailto:mb_limauol.com.br]
> Sent: Tuesday, January 28, 2003 8:39 AM
> To: FGarbrechtecogchair.org
> Cc: Kohlenberg, Toby; RLosenteredge.com; detmar.liesenlds.nrw.de;
> abegetchellqx.net; focus-idssecurityfocus.com
> Subject: RE: Active response... some thoughts.
>
>
>
> Toby,
>
> > Actually, TCP resets don't work in many cases-
> for instance any
> > situation where you have a single packet exploit (say the Sa
> phire
> > worm that just ran through the Net)... This is the same prob
> lem
> > that router/firewall reconfiguration has-
> by the time the response
> > happens, the compromise is done.
>
> I agree with you, but I think that in low bandiwith links
> this is not a problem.
>
> Marcelo.
>
>
> ---
> UOL, o melhor da Internet
> http://www.uol.com.br/
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]