Security Basics mailing list archives

Re: Need help from a group of experts. I am not a network expert but I play one on tv.


From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 11 Sep 2003 12:23:17 -0700

From: Randy Opper <ropper () firstsecurityonline com>
I am an owner of a small business with less than 25 staff members.

Congratulations, it's not easy running a small business.

We do not have the budget to afford a tech person on staff.

Understandable, however you should consider finding a consultant to come in once in a while for important issues.

I am a power user that has taken over the task of trying to secure our T1 and I am unclear of how to handle a few issues.

You're headed in the right direction; realizing there might be a problem is the first step towards a solution.

1. Each day my Sonicwall firewall is hit by at least 3 Sub Seven attacks.

Intrusion detection systems generate a lot of reports; it's not always that big a deal. If I remember correctly, the Sonicwall will highlight important entries in yellow.

The firewall does say that they are blocked.

That's good.

I have converted my users to all use webmail with no attachment download to prevent pop3 mail virus issues.

Mail viruses aren't particular to pop3, but blocking attachments will take care of it as long as this doesn't hamper your business processes.

How do you track down these attackers when the IP address will not resolve and when I trace them they just don't list?

Honestly probably not worth your time, though if you experience a REALLY high volume you should report it to your ISP.

I get the IP from the firewall log and try to trace route to no avail.

That means that the addresses are most likely being spoofed.

Does the webmail stop all issues of mail attacks?

Depends on your setup, what kind of webmail are you using?

Does a program exist that would reverse hack or fight back against these attacks daily?

Yes, but that would be illegal for the most part.

Does a program exist that could test my network on the internet to see if the firewall is good enough, or will someone tell me how I can try to trash it to test it?

The best person to talk to would be your Sonicwall value added reseller, but if you want to try it yourself, take a look at nmap. Sonicwall is a decent product; it will all depend on your configuration.

P.S. I also run Zone Alarm Pro at home, Does it work?

I run the Zone Alarm free version at home and I'm pretty happy with it.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Consciousness: that annoying time between naps."
