[Snort-users] stupid question
jeff at ...950...
Sun Jun 8 01:19:02 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
- --On Saturday, June 07, 2003 11:37:52 -0700 John Sage
<jsage at ...2022...> wrote:
> On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
>> Now my question. I have beautiful view of people trying to attack our
>> network. Is there anything that can be done about these people? Will
>> ISPs do anything with no proof of an actual break in, just attempted
>> break-ins? Is there anyway that I can at least trace the IP to an E-mail
>> address and say "I'm watching you"?
> This is one of the ancient questions:
> "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"
> The answer breaks down into two philosophical positions:
> 1) Get over it. Probes are extremely common, and if you're
> well-protected, view them as so much water off a duck's back and get
> on with your life.
> 2) Gnash your teeth, post messages to various abuse@ and/or
> postmaster@ and/or newsgroups and/or whatever, and never get any real
> 2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
> Back! and *then* get on with your life...
> Personally, I'm in group 1)...
>> I have the feeling that the answer is probably going to be "No. Without
>> break-ins, no one will do anything".
> More like "Almost nothing will happen, even after a breakin."
> Think about it. You get cracked by some punk from (in no particular
> order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...
> Who ya gonna call? The Office of Homeland Security? The FBI? Your
> local police? InterPol? NATO?
For anyone who happens to be a Usenix member, I suggest reading Dan Geer's
article in the latest issue of ;Login: "Getting The Problem Statement
Whether I agree with Dan's arguments? No comment.
> - John
> "You are in a twisty maze of weblogs, all alike."
> See our all-new look! http://www.finchhaven.com/
http://cerberus.sourcefire.com/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the Snort-users