6 Aug
2004
6 Aug
'04
4:34 p.m.
Robert Bonomi wrote:
<>*HOW* is one supposed to tell a 'benign' probe from a 'hostile' one, when it is addressed to a machine that doesn't exist, or to a 'service' that doesn't exist on an existant machine?
With all the 'overtly hostile' traffic out there, why on earth would anyone consider that, with regard to 'unexpected'/'abnormal' traffic, there should be _any_ 'expectation of innocence'?
Easy, they need to set the evil bit to 0 ;)