Security Incidents mailing list archives
Re: find_ddos results
From: J C Lawrence <claw () KANGA NU>
Date: Sat, 18 Nov 2000 09:49:37 -0800
On Wed, 15 Nov 2000 13:59:05 -0800 Ryan Russell <ryan () SECURITYFOCUS COM> wrote:
You mentioned a campus security guy... who apparently declined to check out what is likely a hacked box on his net. Is information security his primary job there?
The system crack rate for student boxes at most colleges I have talked to has been so high that the local IS/security staff are only willing to spend time on securing the devices and services for which they are personally responsible.

Sample statistic: I have a friend who was a prof at UNewMexico. He says that he averaged just over 300 portscans per day on his desktop (detected with PortSentry and Snort), usually with several score attempted remote exploits thrown in for good measure (wu-ftpd, rpc, etc). Tracking such attempts down was obscenely difficult as you instantly ran into a maze of compromised boxes, none of which kept even reasonable system logs (as if you could trust them). Heck, attacks bounced thru open SOCKS proxies are already difficult enough to track down.

--
J C Lawrence claw () kanga nu
---------(*) : http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--