Security Basics mailing list archives

RE: Need help from a group of experts. I am not a network expert but I play one on tv.


From: LordInfidel <LordInfidel () Directionweb com>
Date: Thu, 11 Sep 2003 14:30:14 -0400

Randy,

If I had half a penny for every port scan and "bot" initiated attack, I'd be
a rich admin. With that said, my point for saying so is that it's almost
pointless to try to track these people down, since most of it is coming from
owned machines.

The single most important thing when it comes to firewalls and security is
a good ruleset. As long as you make sure that you are only allowing in what
you really want, and out what you really want, that is half the battle.

Restricting POP3 e-mail on your network is a step in the right direction.
That's not to say there is not a place for it on your network. You could
enable it, but only allow tcp/110 connections to your POP3 server. Same for
outbound smtp (tcp/25) connections. Limit the ability of what they can
connect to.

The next important piece is AV software at the desktop, configured so that
it scans not only e-mail and system files but *all* downloaded attachments
and files, both from e-mail and the net. I say *all* because a lot of AV
scanners have default files to scan. You want to scan everything though.

*-Reverse Hacking, while tempting, is itself hacking. Like I said before,
most attacks are coming from owned machines. So by reverse hacking those
machines you have just violated an innocent person's machine, and can now be
prosecuted.

*-Penetration testing- Yes, there are numerous such programs. Most of us
have several of these tools available. They range from simple port scanners
like fscan, to nmap which has numerous scanning uses, to vuln scanners like
N-Stealth, ISS security scanner and CyberCop.

Always run these from outside of your network so that you get an accurate
reading.

LordInfidel
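As an added illustration of the default-deny ruleset described above (example code, not something posted in this thread): a small first-match policy evaluator that admits tcp/110 only toward the POP3 server and tcp/25 outbound only from the mail host, and drops everything else. The 192.0.2.0/24 LAN, the 192.0.2.10 mail host, and the outbound 80/443 allowance for the desktops' webmail are constructed assumptions, not addresses from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # TCP destination port; None matches any port

    def matches(self, direction: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (self.direction == direction
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


# Constructed addresses (RFC 5737 documentation space), not a real network.
ANY = "0.0.0.0/0"
LAN = "192.0.2.0/24"         # the office LAN behind the firewall
MAIL_HOST = "192.0.2.10/32"  # assumed: one host serves POP3 and relays outbound SMTP

# Order matters: the first matching rule wins, and anything unmatched is dropped.
RULESET: List[Rule] = [
    Rule("allow", "in", ANY, MAIL_HOST, 110),   # tcp/110 only to the POP3 server
    Rule("allow", "out", MAIL_HOST, ANY, 25),   # outbound smtp only from the mail host
    Rule("allow", "out", LAN, ANY, 80),         # web (and webmail) for the desktops
    Rule("allow", "out", LAN, ANY, 443),
]


def evaluate(direction: str, src_ip: str, dst_ip: str, dport: int,
             ruleset: List[Rule] = RULESET) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) is the default."""
    for idx, rule in enumerate(ruleset):
        if rule.matches(direction, src_ip, dst_ip, dport):
            return rule.action, idx
    return "deny", None


if __name__ == "__main__":
    # Constructed connection attempts; 198.51.100.7 stands in for an Internet host.
    for attempt in [("in", "198.51.100.7", "192.0.2.10", 110),    # POP3 to the mail host
                    ("in", "198.51.100.7", "192.0.2.25", 110),    # POP3 aimed at a desktop
                    ("out", "192.0.2.10", "198.51.100.7", 25),    # mail host relaying mail
                    ("out", "192.0.2.25", "198.51.100.7", 25),    # desktop sending smtp direct
                    ("in", "198.51.100.7", "192.0.2.25", 5555)]:  # unsolicited inbound hit
        print(attempt, "->", evaluate(*attempt))
```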

-----Original Message-----
From: Randy Opper [mailto:ropper () firstsecurityonline com]
Sent: Wednesday, September 10, 2003 8:36 PM
To: security-basics () securityfocus com
Subject: Need help from a group of experts. I am not a network expert but I play one on tv.


        I am an owner of a small business with less than 25 staff members. We
do not have the budget to afford a tech person on staff. I am a power
user that has taken over the task of trying to secure our T1 and I am
unclear of how to handle a few issues.

1. Each day my Sonicwall firewall is hit by at least 3 Sub Seven
attacks. The firewall does say that they are blocked. I have converted
my users to all use webmail with no attachment download to prevent pop3
mail virus issues.
        - How do you track down these attackers when the ip address will not
          resolve and when I trace them they just don't list? I get the ip from
          the firewall log and try to trace route to no avail.
        - Does the webmail stop all issues of mail attacks?
        - Does a program exist that would reverse hack or fight back against
          these attacks daily?
        - Does a program exist that could test my network on the internet to
          see if the firewall is good enough, or will someone tell me how I can
          try to trash it to test it?





Randy Opper
First Security
Almost A Network Admin


P.S. I also run Zone Alarm Pro at home. Does it work?



---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
