[Snort-users] stupid question

John Sage jsage at ...2022...
Sat Jun 7 11:36:02 EDT 2003

I don't know if your subject line was an attempt at reverse psychology
or what; personally, I only looked at your post to see just how stupid
your question was.

Turns out it wasn't stupid, so much as kinda like "how many angels can
dance on the head of a pin?"

On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
> Ok, I have Snort up and running with ACID and I love it.  Very powerful tool
> and it really sheds light on what's really going on in your network.

Flattery will get you nowhere :-/

> Now my question.  I have a beautiful view of people trying to attack our
> network.  Is there anything that can be done about these people?  Will ISPs
> do anything with no proof of an actual break in, just attempted break-ins?
> Is there any way that I can at least trace the IP to an E-mail address and
> say "I'm watching you"?

This is one of the ancient questions:

"All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"

The answer breaks down into two philosophical positions:

1) Get over it. Probes are extremely common, and if you're
well-protected, view them as so much water off a duck's back and get
on with your life.

2) Gnash your teeth, post messages to various abuse@ and/or
postmaster@ and/or newsgroups and/or whatever, and never get any real

2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
Back! and *then* get on with your life...

Personally, I'm in group 1)...

> I have the feeling that the answer is probably going to be "No. Without
> break-ins, no one will do anything".

More like "Almost nothing will happen, even after a break-in."

Think about it. You get cracked by some punk from (in no particular
order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...

Who ya gonna call? The Office of Homeland Security? The FBI? Your
local police? InterPol? NATO?


