Security Incidents mailing list archives
Re: Handling Scans.
From: "E, M" <freehold () EROLS COM>
Date: Mon, 12 Feb 2001 17:08:07 -0800
Caveat: I do not experience a 'staggering number of scans daily', as Abel says he does. So it's probable I have a much larger luxury of time. That said, my first thought is that I don't know of any commercial auto-response kind of 'conduct unbecoming a user' system but even if there were one unavailable, I'd be personally leery of using it. IMO it would be too easy (everyone is swamped, right? time's precious, right?) to allow yet another task slipped out of human purview and potentially black-holed into the bin of 'I'll get to that task later, meanwhile at least the ISP's been notified'. An irritation can morph into destructive at its next code evolution; thus the priority of other-ISP involvement changes from 'hello, you have a naughty user' to '#%$@! you need to do something about this *now*!'. Will an auto-responder differentiate, know which ones require the '#%$@!' notification, which ones need follow-up? How about the ISP? Are they more likely to black-hole an auto-notification? (lol I have no clue to the answers to these questions, btw.) 'Routine' user misbehaviour is IMO by necessity a fluctuating definition depending on OS, hardware, users, policies, data protection level, etc. I generally shrug off minor knock-knocks but everyone has to decide their own level of 'minor'. What I believe to be the Aggressive, Obnoxious, Repetitive, or the Probably-Owned are subject to me notifying the ISP and, if appropriate, following up. I'm an old-fashioned girl: clinging to the idea that human judgment and consistent hands-on monitoring are a necessary component of security. :) Missy
Current thread:
- Handling Scans. Reeves, Mike (Feb 12)
- Re: Handling Scans. abel wisman (Feb 12)
- Re: Handling Scans. Bill Munger (Feb 12)
- Re: Handling Scans. E, M (Feb 13)
- Re: Handling Scans. Russell Fulton (Feb 13)
- Re: Handling Scans. deviate (Feb 13)
- Re: Handling Scans. Eelco Duijker (Feb 15)
- Re: Handling Scans. Joe Shaw (Feb 13)
- Re: Handling Scans. Michael Boman (Feb 13)
- Re: Handling Scans. Richard Johnson (Feb 13)
- Re: Handling Scans. Harlan S. Barney, Jr. (Feb 13)
- <Possible follow-ups>
- Re: Handling Scans. Booke, Raymond (Feb 12)
- Re: Handling Scans. Reeves, Mike (Feb 12)
- Re: Handling Scans. Timothy Lyons (Feb 12)
(Thread continues...)
- Re: Handling Scans. abel wisman (Feb 12)