[Snort-users] stupid question

Jeff Nathan jeff at ...950...
Sun Jun 8 01:19:02 EDT 2003

--On Saturday, June 07, 2003 11:37:52 -0700 John Sage 
<jsage at ...2022...> wrote:


> On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:


>> Now my question.  I have a beautiful view of people trying to attack our
>> network.  Is there anything that can be done about these people?  Will
>> ISPs do anything with no proof of an actual break-in, just attempted
>> break-ins? Is there any way that I can at least trace the IP to an e-mail
>> address and say "I'm watching you"?
> This is one of the ancient questions:
> "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"
> The answer breaks down into two philosophical positions:
> 1) Get over it. Probes are extremely common, and if you're
> well-protected, view them as so much water off a duck's back and get
> on with your life.
> 2) Gnash your teeth, post messages to various abuse@ and/or
> postmaster@ and/or newsgroups and/or whatever, and never get any real
> satisfaction;
> 2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
> Back! and *then* get on with your life...
> Personally, I'm in group 1)...
>> I have the feeling that the answer is probably going to be "No. Without
>> break-ins, no one will do anything".
> More like "Almost nothing will happen, even after a break-in."
> Think about it. You get cracked by some punk from (in no particular
> order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...
> Who ya gonna call? The Office of Homeland Security? The FBI? Your
> local police? InterPol? NATO?
> hmm..

For anyone who happens to be a Usenix member, I suggest reading Dan Geer's 
article in the latest issue of ;Login: "Getting The Problem Statement 

Whether I agree with Dan's arguments?  No comment.

-Jeff

> - John
> --
> "You are in a twisty maze of weblogs, all alike."
> See our all-new look! http://www.finchhaven.com/

--
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- Albert Einstein

