Snort mailing list archives
Re: stupid question
From: John Sage <jsage () finchhaven com>
Date: Sat, 7 Jun 2003 11:37:52 -0700
I don't know if your subject line was an attempt at reverse psychology or what; personally, I only looked at your post to see just how stupid your question was. Turns out it wasn't stupid, so much as kinda like "how many angels can dance on the head of a pin?" On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:
Ok, I have Snort up and running with ACID and I love it. Very powerful tool and it really sheds light on what's really going on in your network.
Flattery will get you nowhere :-/
Now my question. I have beautiful view of people trying to attack our network. Is there anything that can be done about these people? Will ISPs do anything with no proof of an actual break in, just attempted break-ins? Is there anyway that I can at least trace the IP to an E-mail address and say "I'm watching you"?
This is one of the ancient questions: "All these people are *ATTACKING* me! Can't someone do *SOMETHING*??" The answer breaks down into two philosophical positions: 1) Get over it. Probes are extremely common, and if you're well-protected, view them as so much water off a duck's back and get on with your life. 2) Gnash your teeth, post messages to various abuse@ and/or postmaster@ and/or newsgroups and/or whatever, and never get any real satisfaction; 2.a) Join dshield (http://www.dshield.org/) and sign up for Fight Back! and *then* get on with your life... Personally, I'm in group 1)...
I have the feeling that the answer is probably going to be "No. Without break-ins, no one will do anything".
More like "Almost nothing will happen, even after a breakin." Think about it. You get cracked by some punk from (in no particular order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet... Who ya gonna call? The Office of Homeland Security? The FBI? Your local police? InterPol? NATO? hmm.. - John -- "You are in a twisty maze of weblogs, all alike." See our all-new look! http://www.finchhaven.com/ ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- stupid question Chris (Jun 06)
- Re: stupid question John Sage (Jun 07)
- Re: stupid question james (Jun 07)
- Re: stupid question Jeff Nathan (Jun 08)
- <Possible follow-ups>
- RE: stupid question Chris (Jun 09)
- Re: stupid question John Sage (Jun 07)