[plug] Monday meeting summary, Channel 7 tour offer

[Leon Brooks]

Christian wrote:
> scripts
> which "intelligently" react to block probes etc. are generally a bad
> idea and typically open a bigger vulnerability than they close.

A lot depends on how they react. Temporarily adding an IPChains entry,
and extending that to cover a subnet if necessary, limit of 20 per
customer, hardly seems like a "vulnerability". I already block martians,
unused/potentially-insecure services and do egress filtering, so I can't
see how more blocking could increase my risk.

-- 
Dogs have masters. Cats have staff.