Comments on: TTL Caging: How to Fight Malware Using Reduced TTL Values http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values grep understanding Fri, 25 May 2012 02:15:50 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Daniel Miessler http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-145389 Daniel Miessler Sun, 18 May 2008 19:59:22 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-145389 <p>Guys,</p> <p>I agree that this would just be another layer if one was already doing the blocking at the firewall. That's a valid point. I just think it's an interesting and elegant way of approaching the problem.</p> Guys,

I agree that this would just be another layer if one was already doing the blocking at the firewall. That’s a valid point. I just think it’s an interesting and elegant way of approaching the problem.

]]> By: Daniel Miessler http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-251665 Daniel Miessler Sun, 18 May 2008 19:59:00 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-251665 <p>Guys,</p> <p>I agree that this would just be another layer if one was already doing the blocking at the firewall. That's a valid point. I just think it's an interesting and elegant way of approaching the problem.</p> Guys,

I agree that this would just be another layer if one was already doing the blocking at the firewall. That’s a valid point. I just think it’s an interesting and elegant way of approaching the problem.

]]> By: Kenneth R Swain II http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-145185 Kenneth R Swain II Sun, 18 May 2008 03:43:05 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-145185 <p>Would not a good egress rule be far more beneficial? I love the way he was thinking, but this would be very hard to maintain. Plus I do not even believe possible in environments that include WAN links such as MPLS or others. One argument that you could use would be that your work place will not let you use good egress rules. If that is they case it seems far fetched that they would let you do this as it would make trouble shooting more difficult.</p> Would not a good egress rule be far more beneficial? I love the way he was thinking, but this would be very hard to maintain. Plus I do not even believe possible in environments that include WAN links such as MPLS or others. One argument that you could use would be that your work place will not let you use good egress rules. If that is they case it seems far fetched that they would let you do this as it would make trouble shooting more difficult.

]]> By: Kenneth R Swain II http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-251664 Kenneth R Swain II Sun, 18 May 2008 03:43:00 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-251664 <p>Would not a good egress rule be far more beneficial? I love the way he was thinking, but this would be very hard to maintain. Plus I do not even believe possible in environments that include WAN links such as MPLS or others. One argument that you could use would be that your work place will not let you use good egress rules. If that is they case it seems far fetched that they would let you do this as it would make trouble shooting more difficult.</p> Would not a good egress rule be far more beneficial? I love the way he was thinking, but this would be very hard to maintain. Plus I do not even believe possible in environments that include WAN links such as MPLS or others. One argument that you could use would be that your work place will not let you use good egress rules. If that is they case it seems far fetched that they would let you do this as it would make trouble shooting more difficult.

]]> By: kuza55 http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-145167 kuza55 Sun, 18 May 2008 01:25:58 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-145167 <p>And the benefit of using this instead of a firewall is what? That anyone who wants to <em>can</em> circumvent it? That doesn't seem like a very useful idea to me...Especially since you're still relying on being able to identify bad traffic going through the proxy.</p> <p>P.S. IDS' suck.</p> And the benefit of using this instead of a firewall is what? That anyone who wants to can circumvent it? That doesn’t seem like a very useful idea to me…Especially since you’re still relying on being able to identify bad traffic going through the proxy.

P.S. IDS’ suck.

]]> By: kuza55 http://danielmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values/comment-page-1#comment-251663 kuza55 Sun, 18 May 2008 01:25:00 +0000 http://dmiessler.com/blog/ttl-caging-how-to-fight-malware-using-reduced-ttl-values#comment-251663 <p>And the benefit of using this instead of a firewall is what? That anyone who wants to <em>can</em> circumvent it? That doesn't seem like a very useful idea to me...Especially since you're still relying on being able to identify bad traffic going through the proxy.</p> <p>P.S. IDS' suck.</p> And the benefit of using this instead of a firewall is what? That anyone who wants to can circumvent it? That doesn’t seem like a very useful idea to me…Especially since you’re still relying on being able to identify bad traffic going through the proxy.

P.S. IDS’ suck.

]]>