Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: stupid question

From: John Sage <jsage () finchhaven com>
Date: Sat, 7 Jun 2003 11:37:52 -0700
I don't know if your subject line was an attempt at reverse psychology
or what; personally, I only looked at your post to see just how stupid
your question was.

Turns out it wasn't stupid, so much as kinda like "how many angels can
dance on the head of a pin?"

On Fri, Jun 06, 2003 at 09:19:04AM -0400, Chris wrote:


Ok, I have Snort up and running with ACID and I love it.  Very powerful tool
and it really sheds light on what's really going on in your network.


Flattery will get you nowhere :-/


Now my question.  I have beautiful view of people trying to attack our
network.  Is there anything that can be done about these people?  Will ISPs
do anything with no proof of an actual break in, just attempted break-ins?
Is there anyway that I can at least trace the IP to an E-mail address and
say "I'm watching you"?


This is one of the ancient questions:

"All these people are *ATTACKING* me! Can't someone do *SOMETHING*??"

The answer breaks down into two philosophical positions:

1) Get over it. Probes are extremely common, and if you're
well-protected, view them as so much water off a duck's back and get
on with your life.

2) Gnash your teeth, post messages to various abuse@ and/or
postmaster@ and/or newsgroups and/or whatever, and never get any real
satisfaction;

2.a) Join dshield (http://www.dshield.org/) and sign up for Fight
Back! and *then* get on with your life...

Personally, I'm in group 1)...


I have the feeling that the answer is probably going to be "No. Without
break-ins, no one will do anything".


More like "Almost nothing will happen, even after a breakin."

Think about it. You get cracked by some punk from (in no particular
order) Germany|Korea|Romania|Brazil|AOL|anyplace_else_on_the_planet...

Who ya gonna call? The Office of Homeland Security? The FBI? Your
local police? InterPol? NATO?

hmm..



- John
-- 
"You are in a twisty maze of weblogs, all alike."

See our all-new look! http://www.finchhaven.com/


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: