nanog mailing list archives

Re: Dynamic IP log retention = 0?


From: Brett Charbeneau <brett () wrl org>
Date: Wed, 11 Mar 2009 10:55:43 -0400 (EDT)

On Wed, 11 Mar 2009, William Allen Simpson wrote:

WAS> While I applaud your taking security seriously, and your active monitoring
WAS> of your resources, other folks might be handling huge numbers of Conficker,
WAS> Mebroot, and Torpig infections these days.  So, they might be rather busy.

        Excellent point. And with dwindling staff levels outgoing worm traffic 
may be super low priority for them.
        I know every operation is different - I just wanted to check with the 
group before cranking up my level of indignation. =8^)

WAS> Are your library systems all clean?

        I believe them to be. I have a Snort-based network intrusion detection 
system (using sguil) running with eight taps - and we subscribe to the Snort VRT 
rules. That's on top of host-based intrusion (OSSEC) on all of our servers and 
critical workstations. And centrally-managed anti-virus (Kaspersky) on all 
desktops.

WAS> You don't seem to have your own ARIN allocation for wrl.org, so it's kinda
WAS> hard to tell from here....
WAS> 
WAS> AS      | IP               | AS Name
WAS> 4565    | 66.200.204.71    | MEGAPATH2-US - MegaPath Networks Inc.

        Yes - while we handle our own DNS our ISP prefers to mask our ARIN 
entry for (their) ease of management. I try to be the anti-salmon with this and 
go WITH the flow...

-- 
********************************************************************
Brett Charbeneau, GSEC Gold, GCIH Gold
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044          www.wrl.org
(757)259-4079 (fax)    brett () wrl org
********************************************************************


