Security Incidents mailing list archives
A point of view from the other end of the spectrum...
From: boa () DIGITALSAMURAI ORG
Date: Wed, 16 Aug 2000 09:13:24 -0000
I'm not an admin, I don't subscribe to this list, but it's about 5:00AM EST and I thought I might share my views. I've read a number of posts tonight and the vast majority seem to be (D)DOS attacks and scans. First off I would like to say I can't even imagine how spread out and overworked some of these admins are so please don't think I ignored this factor. But honestly most of these scans seem to originate from .kr which as you all know a large portion of the systems are comprimised. This is something to remember, I know sys admins. don't like being scanned but it's just something you have to get over. 90% of the time it's nothing but a kid trying to see if he can some lame exploit on you. You all know this so that is even more of a reason to STAY UP TO DATE WITH THE PATCHES! I can't emphasize this enough, YOU MUST stay up to date with the patches. If you don't stay up to date, complaining or asking advice here or anyplace else is just silly. So please I beg you to stay up to date, write a script to check common ftps for patches that apply to a ruleset you specify or whatever. And on the subject of (D)DOS attacks, if you're up to date on the patches and you'll just have to suffer through them they are a way of life. And honestly you all should be VERY VERY glad the majority of people running the exploits out there barely know how to use them otherwise you would all be in BIG BIG trouble. Security is RISK MANAGEMENT and you've got to realize that and the best thing you can do is stay up to date on the patches and make sure you post to a list or check some sites before making any major or semi-major change to your network to tell if it's secure. And go back read papers on different aspects of network security that are relavent to you. There is always someone out there who can comprimise your system just try and make sure that it's as few as possible. I would love feedback if you wish to leave me some. Honestly I'm sure most of you know this but you don't act on this knowledge. The scans and attacks as scary as they may be are much less intimidating if you know you have a "secure" network. -BOA of FCS P.S From a quick looksee on some of the hosts mentioned on this list, you've guys got a lot of patching to do...
Current thread:
- A point of view from the other end of the spectrum... boa (Aug 18)
- Re: A point of view from the other end of the spectrum... H Carvey (Aug 21)