On Thu, Nov 13, 2003 at 10:58:38AM -0500, sgorman1@gmu.edu wrote:
Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing?
I've found that they're usually higher than doing nothing at all. In the case of the fun in august, people who blocked the microsoft ports that worms were spreading across (i mean newly blocked them that is) saw increased support costs associated with what was broken vs just leaving the network in the state it was. While the increased traffic and infection was a problem, the network devices mostly yawned at the activity and the irate customers who were (ab)using the network to use these MS RPC features were quite vocal about the filtering. This also helped raise customer awareness that we can not filter for them. They must manage their devices in order to keep their network secure or get cut off from our network. - Jared (how i wish microsoft would release a stinking patch CD) -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.