Security Incidents mailing list archives

Re: China Experience ?


From: "Jay D. Dyson" <jdyson () treachery net>
Date: Tue, 23 Jul 2002 16:32:01 -0700 (PDT)

On Tue, 23 Jul 2002, euan wrote: 

> Is it really worth blocking an entire country because of a few
> trivial-to-defend-against scans? Do you panic after receiving scans for
> things like tcp 53 and 21?  Perhaps you should consider changing your
> IDS policies if you waste so much time investigating non-issues.

        It's not just the net.abuse, it's the *volume* of net.abuse and
the sheer and utter lack of any caring by the admins over there.

        Look, I don't blackhole networks on a whim.  After thousands upon
thousands of scans (both human- and worm-sired), tons of repeated spam
carpet-bombings on my mail servers, and other forms of net.abuse -- all of
which was duly reported and summarily ignored by the cognizant parties --
I saw no alternative but to blackhole not only China, but Korea and Taiwan
as well. 

> How many of these scans/"hacking" attempts actually led to a successful
> compromise?

        On my systems?  None.  On your typical joe and jane user's system,
more than I care to imagine.  Does a lack of success on the part of the
attacker excuse the attack in your mind?  If someone tries to break into
my house, I still have a legitimate gripe against their conduct.

> Frankly this thread, complete with 11/09 references now, smacks of
> xenophobia, and that is indeed a sad thing to see appearing on the
> internet.

        Bah.  If I saw the same sort of nonsense on an equally epidemic
level with equally pervasive lack of concern by the cognizant parties
coming out of Canada or U.S. universities, they'd get blackholed as well. 
So don't even bother trying to play that race card, sport.  That bulldada
won't fly.  Period.

-Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `-- I'll be diplomatic...when I run out of ammo. --'  `------'


