Re: Details of networks posted on list
On Fri, 4 Jan 2002, martin f krafft wrote:
> in any case, i humbly believe that the topology and everything else
> (even firewall rules) should be available to anyone (upon request
> maybe), and that the entire setup is only secure, if it can still stand
> against attacks. security by obscurity is nice, but the basis has to be
> solid and done before you can add obscurity...
I beg to differ. On debian-user, especially, you cant expect to
have the people who post there be very knowledgeable in security. In their
case, I would venture to suggest that every little bit of obscurity helps.
It doesnt mean that their system is secure. But it does mean that they are
not issuing invitations to be hacked.
> i think it's not going to be so effective. people usually post ifconfig
> outputs (and others), and don't even bother to go through the individual
> lines. either lists.debian.org runs list mail through a filter, or you
> just let them be... most have dynamic IPs anyway, and if you have a
> static IP and you post that IP you either need a hit in the face to
> learn, or you have a bullet-proof system already.
> why not warn people of dDoS attacks and leaving their "servers" on their
> DSL line permanently while not even knowing how to spell "security"...
> discovering an IP address is very trivial. for instance, you are
Well, I'm impressed. But that doesnt mean that the network I am
writing about is the same network I am posting from. So I could, if I am
careless, compromise a work network while posting from home.