[Snort-devel] RE: [Snort-users] Possible Queso Fingerprint attempt?

Gregor Binder gbinder at ...462...
Fri Mar 16 05:54:44 EST 2001

Ookhoi on Thu, Mar 15, 2001 at 12:55:22PM +0100:


> > [1] If anyone involved in that asinine decision is reading this, I'd
> > certainly like to thank you for really buggering up a lot of firewalls and
> > IDS's around the world.  That was a great plan, guys.  Top notch execution,
> > too. 
> ECN is a good thing. The firewalls should be fixed.

I agree that equipment broken with regards to RFC 793 should probably be
fixed. I personally would probably not implement an experimental method
in a production release, and certainly not enable it by default.

And I'm still wondering how a design goal of making my "Internet
Experience more pleasurable" (Linux kernel ML FAQ,
http://www.tux.org/lkml/#s14-2) would relate to me being blocked by a
whole lot of routers or firewalls, or my ISP blocking me because people
report things like the Queso Fingerprint from my systems. I guess it
doesn't help 2.4 users that their system is sane and everybody else's is
broken; it doesn't work for THEM. :)

In addition, this might make my "Internet Experience" less secure,
because it forces vendors to provide patches for what would actually be
a non-issue quickly, if deployment of new features had been done
in a proper way.


Gregor Binder       <gregor.binder at ...462...>      http://sysfive.com/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55
