Security Incidents mailing list archives

Re: Interesting reply


From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 29 Sep 2000 13:56:24 -0700

Crist,

Oops, I did not fully qualify that. I would guess,

However, the point remains...you are guessing.  Do you
have any empirical data (log files, etc) to back this
up?

But think of all the script kiddies with their new h4x0R boxen
(a default install of RedHat waiting to be exploited by some
other kiddie) wetting their pants over their new broadband
connection and scanning 0.0.0.0/0 for every exploit under the
sun.

I do...but that doesn't constitute compromised boxes.
These scans can be effectively ignored...unless, as I
stated, they become a bandwidth/performance issue.

But you always have to remember despite all of the measures
you take, someone may still slip through.

The idea is to make it a non-trivial exercise for
someone to compromise your systems and data.  As far
as "slip" goes...that would indicate either an
entirely new exploit that isn't even publicly
available, or failure to close a previously identified
hole.

To reiterate the original point I was trying to make,
I feel that reporting scans to the source can be a
worthwhile endeavour.

I agree that reporting potentially compromised
systems, based on data, is worthwhile.  Reporting each
kiddie that scans you to his ISP can be futile,
particularly if the ISP's net use/abuse policy doesn't
cover that activity.




