Honeypots mailing list archives
Re: Attack Paradigm Shift?
From: Seth Arnold <sarnold () wirex com>
Date: Wed, 21 May 2003 12:52:10 -0700
On Wed, May 21, 2003 at 02:05:21PM -0500, Andrew.Patrick () kemperinsurance com wrote:
I get pummelled by all manner of attacks every day, how can I be certain whether these are "targeted" or not??
Your ISP may be willing to tell you whether the IP that sent you a SYN to a port your responded to with a RST went on to send SYNs to other hosts in their netblock, or if your hosts were the only ones. Your firewall logs probably can tell you whether you were scanned for a range of vulnerabilities, or if you were scanned for a single vulnerability. (All in a certain variable timeframe, of course. Many attackers are spreading their scans across weeks, to make less noise in firewall logs..) -- I wonder if the FBI's Carnivore system could cut back on spam...
Attachment:
_bin
Description:
Current thread:
- Re: Attack Paradigm Shift? Andrew . Patrick (May 21)
- Re: Attack Paradigm Shift? Seth Arnold (May 21)
- RE: Attack Paradigm Shift? Roger A. Grimes (May 21)
- Re: Attack Paradigm Shift? gml (May 21)
- RE: Attack Paradigm Shift? So focus on the DZ not the DMZ! Ken Kousky (May 22)
- <Possible follow-ups>
- Re: Attack Paradigm Shift? Lance Spitzner (May 21)
- Re: Moving forward with definition of honeypots iatac vuln (May 21)