[70534] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Barracuda Networks Spam Firewall

daemon@ATHENA.MIT.EDU (Christopher X. Candreva)
Tue May 18 15:51:51 2004

Date: Tue, 18 May 2004 15:48:28 -0400 (EDT)
From: "Christopher X. Candreva" <chris@westnet.com>
To: nanog@merit.edu
In-Reply-To: <200405181937.i4IJbOm9025858@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu

On Tue, 18 May 2004 Valdis.Kletnieks@vt.edu wrote:

> So your auditor wouldn't mind if you kept an unencrypted list of credit card
> numbers on a DMZ box, because if somebody hacks the box they can gather those
> over time? :)

This is hardly the same thing.  E-mail addresses are public, credit card 
numbers aren't. Email addresses can be gotten by brute-force checking fairly 
easily without even cracking the machine.  card numbers can't.

What would your auditor think about your secondary MX being used as a DOS 
amplifier because it sends out thousands of bogus bounces to forged 
addresses  ?

==========================================================
Chris Candreva  -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[70534] in North American Network Operators' Group

Re: Barracuda Networks Spam Firewall

daemon@ATHENA.MIT.EDU (Christopher X. Candreva)Tue May 18 15:51:51 2004

daemon@ATHENA.MIT.EDU (Christopher X. Candreva)
Tue May 18 15:51:51 2004