Security Incidents mailing list archives

Re: find_ddos results


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 21 Nov 2000 18:00:51 -0500

On Tue, 21 Nov 2000 10:18:38 PST, Ryan Russell <ryan () SECURITYFOCUS COM>  said:
> I'm not so concerned about actually tracking down the attackers in every
> case.  Many times, it's appropriate to just redo your box and move on,
> especially if you got hit with just the Same Old Thing.  (After you're
> satisfied that it's all known stuff of course.)

Fool me once, shame on you.  Fool me twice, shame on me.  There's no reason
for The Same Old Thing to ever happen a second time.

Of course, it's a bit more complicated if you're on a CIRT for a campus full
of machines that (a) you don't admin yourself and (b) are admin'ed by users who
don't learn from each other's mistakes....
--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
