Security Incidents mailing list archives

A point of view from the other end of the spectrum...


From: boa () DIGITALSAMURAI ORG
Date: Wed, 16 Aug 2000 09:13:24 -0000

I'm not an admin, I don't subscribe to this list, but it's 
about 5:00AM EST and I thought I might share my views. I've 
read a number of posts tonight and the vast majority seem 
to be (D)DOS attacks and scans.  First off I would like to 
say I can't even imagine how spread out and overworked some 
of these admins are so please don't think I ignored this 
factor. But honestly most of these scans seem to originate 
from .kr which as you all know a large portion of the 
systems are compromised. This is something to remember, I 
know sys admins don't like being scanned but it's just 
something you have to get over. 90% of the time it's 
nothing but a kid trying to see if he can run some lame exploit 
on you.  You all know this so that is even more of a reason 
to STAY UP TO DATE WITH THE PATCHES! I can't emphasize this 
enough, YOU MUST stay up to date with the patches.  If you 
don't stay up to date, complaining or asking advice here or 
anyplace else is just silly. So please I beg you to stay up 
to date, write a script to check common ftps for patches 
that apply to a ruleset you specify or whatever. And on the 
subject of (D)DOS attacks, if you're up to date on the 
patches you'll just have to suffer through them; they 
are a way of life. And honestly you all should be VERY VERY 
glad the majority of people running the exploits out there 
barely know how to use them otherwise you would all be in 
BIG BIG trouble. Security is RISK MANAGEMENT and you've got 
to realize that and the best thing you can do is stay up to 
date on the patches and make sure you post to a list or 
check some sites before making any major or semi-major 
change to your network to tell if it's secure. And go back 
read papers on different aspects of network security that 
are relevant to you. There is always someone out there who 
can compromise your system; just try and make sure that it's 
as few as possible. I would love feedback if you wish to 
leave me some. Honestly I'm sure most of you know this but 
you don't act on this knowledge.  The scans and attacks as 
scary as they may be are much less intimidating if you know 
you have a "secure" network. 

-BOA of FCS

P.S. From a quick looksee on some of the hosts mentioned on 
this list, you guys have got a lot of patching to do...

