Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: david.kennedy () ACM ORG (David Kennedy CISSP)
Date: Mon, 28 Feb 2000 15:37:02 -0500
-----BEGIN PGP SIGNED MESSAGE----- At 06:41 PM 2/25/00 -0700, Wozz wrote:
I'm the head of the security department for a large nationwide cable modem provider that is in the exact same situation @home is.
...
Bottom line, just because you're not getting a personal response, doesn't mean they aren't doing anything about it. I'm here to keep our network secure, and keep our users from attacking others, not to respond (note i said respond, not act upon) to every single complaint.
What does an ISP *want* to have reported? I agree that complaints that "so-and-so just banged on my Quake port all afternoon" should be unwelcome. However some activities tend to be more troublesome and I wonder what the threshold of pain has to be for an ISP? In general, not a specific policy: nmap scans? <insert tool name here> scans? RPC probes? DNS probes? Trojan probes? Queso/Operating System probes? smurf/fragle/teardrop/land etc.? other candidates? PC Anywhere Proxy probes, 1080, wingate, funk etc.? It should also be clear that an autoresponse is better than no response at all. A boilerplate of "We are not usually able to respond personally to each message received, but wish to assure you that we investigate each report, and will take appropriate action in accordance with our policies," (Sprint's autoresponse) is good enough. How hard is that? -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 Comment: When did you backup your hard disk last? iQCVAwUBOLrcbPGfiIQsciJtAQFCwQQAmUrxShL2qCO1wFMs3mP492tpSiJh8owN xWL8oZRHvul09qarKjSS4ZBs/DnCGzv/WfKzzf7mFtj2kCgCJ024dTYDezXmrVdk pCczmpJfpp1rUFp0vhvsO2+JJlK4UMtIVsOMIvWYOUSZ3n92GhnG2l8yU3v1iDDI wV7VLlH45nY= =Bjqk -----END PGP SIGNATURE----- -- Regards, David Kennedy CISSP Director of Research Services, ICSA.net http://www.icsa.net Protect what you connect. Look both ways before crossing the Net.
Current thread:
- Re: @home: Is *anyone* really home there??? Maniac . (Feb 23)
- Re: @home: Is *anyone* really home there??? The Undernet Bonk (Feb 24)
- Received message from Russian hackers David Meissner (Feb 25)
- <Possible follow-ups>
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? David Kennedy CISSP (Feb 28)
- TIS and fingerprinting Dino Amato (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- ssh wierdness spiff (Feb 26)
- Re: ssh wierdness Markus Friedl (Feb 28)