Security Incidents mailing list archives

Re: another wave?


From: "Paul \"Froggy\" Schneider" <froggy () eecs cwru edu>
Date: Thu, 24 May 2001 11:44:03 -0400

I have heard some rather unsettling rumours that another round of hacker
hostilities is approaching. Apparently Chinese hackers are planning to
release a variety of worms in the near future.

My question to the list: is there any validity to this information? I have
seen a new scan pattern that is searching out recently exploited ports,
as have several others who responded to my earlier posts.

Any information would be greatly appreciated.

I don't mean to sound flippant, because that's not what I'm intending here.
Nor is this a personal attack, far from it!

However, I would like to ask the question, "What difference does it make?"

Why would I pose that question?  Well, for starters, system administrators
should be ever vigilant in proactively mitigating risk factors that
attract crackers.  Likewise, it is impossible to gauge for sure when an
organization might be hit with a slew of attacks and probes at once. I
understand the curiosity in regards to another potential Chinese
onslaught, but there's no saying another organization or individual
might have your systems and only your systems in his or her sight.

I hope another wave of large-scale attacks in the near future is a rumor,
but, likewise, the only systems that really have troubles are those that
are either poorly administrated or not administrated at all! (I would
know, I had to clean up an NT box that was sitting in a basement for 3
months that handled web, ftp, email, file sharing AND was the PDC for
their domain (no BDC... just one PDC).)

I think these attacks should remind us sysadmins that we really have to
keep on our toes and continue to do our jobs well in order to protect
our organization's IT infrastructure.  We get paid good money to do it
(well, most of you at least. *wink*) and reading these lists is a good
first step towards being aware of the potential dangers out there.


Regards,

Paul "Froggy" Schneider


