Snort mailing list archives
Re: stupid question
From: Jeff Nathan <jeff () snort org>
Date: Sun, 08 Jun 2003 01:18:06 -0700
--On Saturday, June 07, 2003 11:37:52 -0700 John Sage <jsage () finchhaven com> wrote:
[...]
On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
[...]
Now my question. I have a beautiful view of people trying to attack our network. Is there anything that can be done about these people? Will ISPs do anything with no proof of an actual break in, just attempted break-ins? Is there any way that I can at least trace the IP to an E-mail address and say "I'm watching you"?

This is one of the ancient questions: "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"

The answer breaks down into two philosophical positions:

1) Get over it. Probes are extremely common, and if you're well-protected, view them as so much water off a duck's back and get on with your life.

2) Gnash your teeth, post messages to various abuse@ and/or postmaster@ and/or newsgroups and/or whatever, and never get any real satisfaction;

2.a) Join dshield (http://www.dshield.org/) and sign up for Fight Back! and *then* get on with your life...

Personally, I'm in group 1)...

I have the feeling that the answer is probably going to be "No. Without break-ins, no one will do anything".

More like "Almost nothing will happen, even after a breakin."

Think about it. You get cracked by some punk from (in no particular order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...

Who ya gonna call? The Office of Homeland Security? The FBI? Your local police? InterPol? NATO?

hmm..
For anyone who happens to be a Usenix member, I suggest reading Dan Geer's article in the latest issue of ;Login: "Getting The Problem Statement Right". Whether I agree with Dan's arguments? No comment.

-Jeff
- John
--
"You are in a twisty maze of weblogs, all alike."
See our all-new look! http://www.finchhaven.com/
--
http://cerberus.sourcefire.com/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein