[Snort-users] stupid question

Jeff Nathan jeff at ...950...
Sun Jun 8 01:19:02 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --On Saturday, June 07, 2003 11:37:52 -0700 John Sage 
<jsage at ...2022...> wrote:

[...]

> On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
>>

[...]

>> Now my question.  I have beautiful view of people trying to attack our
>> network.  Is there anything that can be done about these people?  Will
>> ISPs do anything with no proof of an actual break in, just attempted
>> break-ins? Is there anyway that I can at least trace the IP to an E-mail
>> address and say "I'm watching you"?
>
> This is one of the ancient questions:
>
> "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"
>
> The answer breaks down into two philosophical positions:
>
> 1) Get over it. Probes are extremely common, and if you're
> well-protected, view them as so much water off a duck's back and get
> on with your life.
>
> 2) Gnash your teeth, post messages to various abuse@ and/or
> postmaster@ and/or newsgroups and/or whatever, and never get any real
> satisfaction;
>
> 2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
> Back! and *then* get on with your life...
>
> Personally, I'm in group 1)...
>
>> I have the feeling that the answer is probably going to be "No. Without
>> break-ins, no one will do anything".
>
> More like "Almost nothing will happen, even after a breakin."
>
> Think about it. You get cracked by some punk from (in no particular
> order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...
>
> Who ya gonna call? The Office of Homeland Security? The FBI? Your
> local police? InterPol? NATO?
>
> hmm..
>

For anyone who happens to be a Usenix member, I suggest reading Dan Geer's 
article in the latest issue of ;Login: "Getting The Problem Statement 
Right".

Whether I agree with Dan's arguments?  No comment.

- -Jeff

> - John
> --
> "You are in a twisty maze of weblogs, all alike."
>
> See our all-new look! http://www.finchhaven.com/

- --
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- - Albert Einstein
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+4vFBEqr8+Gkj0/0RAsFJAKCXgdr8PwYVyCiZuUzjRX/B0J4+EgCfU7Ge
Coz0pzGV0fbcoHA38mM3PDk=
=40JB
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list