Re: stupid question

[Jeff Nathan <jeff () snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --On Saturday, June 07, 2003 11:37:52 -0700 John Sage 
<jsage () finchhaven com> wrote:

[...]

> On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
> >

[...]

> > Now my question.  I have beautiful view of people trying to attack our
> > network.  Is there anything that can be done about these people?  Will
> > ISPs do anything with no proof of an actual break in, just attempted
> > break-ins? Is there anyway that I can at least trace the IP to an E-mail
> > address and say "I'm watching you"?
>
> This is one of the ancient questions:
>
> "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"
>
> The answer breaks down into two philosophical positions:
>
> 1) Get over it. Probes are extremely common, and if you're
> well-protected, view them as so much water off a duck's back and get
> on with your life.
>
> 2) Gnash your teeth, post messages to various abuse@ and/or
> postmaster@ and/or newsgroups and/or whatever, and never get any real
> satisfaction;
>
> 2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
> Back! and *then* get on with your life...
>
> Personally, I'm in group 1)...
>
> > I have the feeling that the answer is probably going to be "No. Without
> > break-ins, no one will do anything".
>
> More like "Almost nothing will happen, even after a breakin."
>
> Think about it. You get cracked by some punk from (in no particular
> order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...
>
> Who ya gonna call? The Office of Homeland Security? The FBI? Your
> local police? InterPol? NATO?
>
> hmm..

For anyone who happens to be a Usenix member, I suggest reading Dan Geer's 
article in the latest issue of ;Login: "Getting The Problem Statement 
Right".

Whether I agree with Dan's arguments?  No comment.

- -Jeff

> - John
> --
> "You are in a twisty maze of weblogs, all alike."
>
> See our all-new look! http://www.finchhaven.com/

- --
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- - Albert Einstein
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+4vFBEqr8+Gkj0/0RAsFJAKCXgdr8PwYVyCiZuUzjRX/B0J4+EgCfU7Ge
Coz0pzGV0fbcoHA38mM3PDk=
=40JB
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users