Re: Deutsche-Telekom sets the standard for network security! (??)
From: gr8matt (gr8rmatt@pacbell.net) Date: 12/18/01
- In reply to: Ian Jones: "Re: Deutsche-Telekom sets the standard for network security! (??)"
From: "gr8matt" <gr8rmatt@pacbell.net> Date: Tue, 18 Dec 2001 07:59:04 GMT
I am rather new to the entire security field (I became interested when I got
cracked) and find the whole "religious debate" quite amazing. I had no idea
that people were so hardcore (for lack of a better word) on security.
Several of you say that you report port sniffers almost every time. Are you
telling me that you go through and research each and every IP address that
sniffs your system? I am asking this in all honesty - not trying to be
sarcastic. I have only had a server up for 2 months now and get at least
5 - 10 hits a night. Do you have some type of script that sends an email
out or how do you handle all that traffic? I assume that you block IP's in
the hosts.deny file. Are there ranges that you block?
If your job is strictly security, I might be able to see being able to do
this. However, I have a two man shop and don't have enough time in the day
to get my regular duties done, much less track every port sniffer running a
script kiddie.
Please tell me if you think I am off base here. The way it sounds, I may
need to focus more attention on what I considered to be "almost innocent"
sniffs.
Matt
Ian Jones <ian@dsl081-056-052.sfo1.dsl.speakeasy.net> wrote in message
news:m3vgf5p3kz.fsf@mobile.lan...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> This is not a religious debate, but it is often treated as one around
> here. Sometimes people (myself included) fail to put it in perspective.
>
> My take on it is that some sites/networks will be better off reporting
> EOI for a number of reasons, not least of which is to help justify the
> security department's existence. It can also help lay the groundwork
> for prosecution or justify the banning of particular networks and
> traffic types. In an altruistic sense you are helping everyone by
> putting your detects out there for others to correlate activity
> patterns with abusers. If you have the sensors and time why
> not...especially if it is your job. Not only that, it is fun!
>
> On the other hand, sometimes reporting everything is just plain
> stupid. If you can not possibly make a case for abuse given the
> information you can provide you had better take it easy when you
> report your events. If it is causing you more stress than damage you
> should probably consider filtering your data for actual incidents as
> opposed to detects...not everyone is obligated (or, ahem...qualified)
> to separate the wheat from the chaff. My best example of this is Code
> Red. It couldn't possibly hurt my computers except for making me spend
> time filtering noise. I only report the ones on my netblock to my ISP
> as a courtesy to the owners of those machines.
>
> -----BEGIN PGP SIGNATURE-----
> Comment: Keeping the world safe for geeks.
>
> iD8DBQE8HsKbwBVKl/Nci0oRAorTAJ4vLWgiHWz6lGsuIhGxuhvfaCeeggCgpELv
> om8y8DeMZwM8LTzcPcWSXus=
> =XrYe
> -----END PGP SIGNATURE-----