Salutations...
What do you use to defend your box?
(Notwithstanding it's no secret that... "foolproof" protection IS impossible)
My (xlib?) Secure by default "strict" firewall Intrusion prevention system strategy is...
" P0f "... ( IP stack fingerprinting )
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78203
" Systrace "... ( Principle of least privilege )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
" Fail2ban "... ( Intrusion prevention system )
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=77999
" Bird Internet routing daemon "... ( Bogon filtering )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
in addition... xtables-addon ( Null route )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
also... fwknop ( Port knocking )...
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78017
and of course... Snort ( Intrusion prevention system ).
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78311
IMHO... you lock your front door to stop "everyone" NOT "anyone" from getting in.
Security is about deterrence NOT prevention (Moore's law makes prevention impossible)...
Also consider this... deterrence (with a modest overhead) has the bonus effect of increasing performance/reliability (when successful).
TGIF...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service