-=> Sean Dennis wrote to Sampsa Laine <=-

 SD> Eh, if someone tries it, they get canned.  I'm currently blocking 28
 SD> countries or 18,751 networks and I have zero problems.  If they can't
 SD> connect, they can't cause problems.

Yes but how do you detect succesful attempts - my point being that if they
compromise the BBS software you're unlikely to know about it until it's too
late.

I'm talking about an attacker coming in from somewhere relatively sane, to 
a non-blocked port (your network level firewall won't help if they're 
connecting over Telnet and you've allowed Telnet, for example).

What I'm talking about is a separate firewall (from the BBS software) 
that does some deep level packet inspection (even simple stuff like 
looking for a NOP sled) and blocks connections based on stuff going 
on at layer 7, just like a web application firewall, instead of just 
the usual "connection from china? Drop" or "connection on
disallowed port?
drop" 
things of network/transport level firewalls.

In reality of course I doubt anyone will produce this - since no one 
who cares about security uses telnet, and this wouldn't work for anything 
encrypted :)

Sampsa



... MultiMail, the new multi-platform, multi-format offline reader!
--- MultiMail/Darwin v0.49
--- SBBSecho 2.11-Win32