Honeypots mailing list archives

Re: Attack Paradigm Shift?

From: Seth Arnold <sarnold () wirex com>
Date: Wed, 21 May 2003 12:52:10 -0700

On Wed, May 21, 2003 at 02:05:21PM -0500, Andrew.Patrick () kemperinsurance com wrote:

I get pummelled by all manner of attacks every day, how can I be certain
whether these are "targeted" or not??


Your ISP may be willing to tell you whether the IP that sent you a SYN
to a port your responded to with a RST went on to send SYNs to other
hosts in their netblock, or if your hosts were the only ones.

Your firewall logs probably can tell you whether you were scanned
for a range of vulnerabilities, or if you were scanned for a single
vulnerability. (All in a certain variable timeframe, of course. Many
attackers are spreading their scans across weeks, to make less noise in
firewall logs..)


-- 
I wonder if the FBI's Carnivore system could cut back on spam...

Attachment: _bin
Description:

Current thread:

Re: Attack Paradigm Shift? Andrew . Patrick (May 21)
- Re: Attack Paradigm Shift? Seth Arnold (May 21)
- RE: Attack Paradigm Shift? Roger A. Grimes (May 21)
  - Re: Attack Paradigm Shift? gml (May 21)
  - RE: Attack Paradigm Shift? So focus on the DZ not the DMZ! Ken Kousky (May 22)
- <Possible follow-ups>
- Re: Attack Paradigm Shift? Lance Spitzner (May 21)
  - Re: Moving forward with definition of honeypots iatac vuln (May 21)