nanog mailing list archives
Re: Update to BCP-38?
From: Mike Meredith via NANOG <nanog () nanog org>
Date: Wed, 9 Oct 2019 09:30:53 +0100
On Tue, 8 Oct 2019 13:59:58 +0000, Mark Collins <mark.collins () mariestopes org> may have written:
Not everyone attacking your systems is going to have the skills or knowledge to get in though - simple tricks (like hiding what web server you use) can prevent casual attacks from script kiddies and others who aren't committed to targeting you, freeing your security teams to focus on the serious threats.
Er ... no. Not according to real world data (my firewall logs). Most attacks are fully automated and they don't (always) bother with complex logic to determine which attacks to try. For instance I constantly see Apache struts attacks against servers that a) may or may not be running Apache (the headers are removed) b) definitely aren't running Struts. In fact many attacks are sufficiently automated that the human behind the scenes won't even know a system has been compromised if it doesn't successfully pick up the second stage of the payload and 'phone home'. -- Mike Meredith, University of Portsmouth Chief Systems Engineer, Hostmaster, Security, and Timelord!
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: Update to BCP-38?, (continued)
- Re: Update to BCP-38? Stephen Satchell (Oct 03)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- RE: Update to BCP-38? Keith Medcalf (Oct 03)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 03)
- Re: Update to BCP-38? William Herrin (Oct 04)
- RE: Update to BCP-38? Keith Medcalf (Oct 04)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 08)
- RE: Update to BCP-38? Mark Collins (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 09)
- Re: Update to BCP-38? William Herrin (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 08)
- Re: Update to BCP-38? Mark Collins (Oct 10)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 09)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- Re: Update to BCP-38? Stephen Satchell (Oct 03)
- Re: Update to BCP-38? Fred Baker (Oct 03)