No subject


Thu Nov 23 16:36:19 EST 2017


cry.  From a practical, real world perspective, yeah sometimes stuff has to
work that way.  Sigh.


> If someone hacked me they would benefit nothing.

That is NOT true!  First, even if you don't think you have anything valuable
stored on your network, you're probably wrong (even home networks have Quicken
or TurboTax or something).  But that doesn't even matter.  Things that an
attacker can gain from ANY compromised network are (simplistic view):

* Resources:
 - Free storage space for warez or porn (especially, unfortunately, kiddy
porn)
 - Zombies--"remote control" hosts that can do any number of bad things
* A jump off point to attack other people.  Similar to zombies, but with less
remote control.  I.e. telnet or ssh into the cracked box, then start attacking
from there. For an extreme example, how about they start hacking at
whitehouse.gov and the Secret Service shows up at your door one day?


> Needless to say it's hard to hack someone when ICMP pings are dropped via
> iptables.

Whatever makes you say this?  That's totally false.  First, as Fred McFeeter
pointed out, there are other ways to "ping" devices using TCP or UDP. Second,
very few vulnerabilities are directly related to ICMP.  That's used mostly to
find devices to attack, which I think you were implying, but the corollary is
that you're dealing with a reasonably sophisticated attacker who is methodical
and actually does recon and puts some thought into it.  Unless they are
specifically looking for free storage space or zombies, they probably won't
target you as an individual network.

Worms, and increasing numbers of script kiddie attacks, simply do a brute force
attack.  They try whatever exploit they have against EVERYTHING on an IP
range.  If you are vulnerable, then you are cracked.  Simple as that, no ICMP
required.


> So anyway, I appreciate the concern and the answer I have received...so
> far all is working great with the Snort RPMs. Thanks!

Excellent!

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?
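
The point made above, that dropping ICMP leaves TCP and UDP services just as reachable, shown as an added example that is not part of the original post: a small Python audit of an `iptables-save` dump. Both rulesets are constructed samples, `audit_input_chain` is a hypothetical helper, and it assumes a flat INPUT chain, ignoring rule order and source matches.

```python
import shlex

# Constructed sample: the only filtering is a DROP for ICMP echo requests.
SAMPLE_ICMP_ONLY = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
"""

# Constructed sample: default-deny INPUT with one explicitly allowed service.
SAMPLE_DEFAULT_DENY = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
"""

def audit_input_chain(ruleset):
    """Summarise what an iptables-save dump leaves reachable on INPUT."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]               # chain default policy
        elif line.startswith("-A INPUT "):
            rules.append(shlex.split(line)[2:])    # rule tokens after the chain name

    def opt(rule, flag):
        return rule[rule.index(flag) + 1] if flag in rule else None

    deny = [r for r in rules if opt(r, "-j") in ("DROP", "REJECT")]
    icmp_dropped = any(opt(r, "-p") == "icmp" for r in deny)
    # A deny rule with no "-p icmp" restriction also covers TCP/UDP traffic.
    filters_tcp_udp = any(opt(r, "-p") != "icmp" for r in deny)
    if policy == "ACCEPT" and not filters_tcp_udp:
        exposed = "all tcp/udp ports"              # ICMP rule hides nothing here
    else:
        exposed = sorted(f"{opt(r, '-p')}/{opt(r, '--dport')}" for r in rules
                         if opt(r, "-j") == "ACCEPT" and opt(r, "--dport"))
    return {"policy": policy, "icmp_dropped": icmp_dropped, "exposed": exposed}

if __name__ == "__main__":
    for name, rs in (("icmp-only", SAMPLE_ICMP_ONLY), ("default-deny", SAMPLE_DEFAULT_DENY)):
        print(name, audit_input_chain(rs))
```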




