[Dshield] So my computer is a danger and you are a genius?

mbshafer ms at mbshafer.com
Tue Mar 26 15:25:59 GMT 2002

>Vunet crashes my browser if I try to use the site with downloads, 
>cookies, and active scripting blocked. Best to go elsewhere...

Real curious as to the settings here as I run a cookie manager that
blocks all but the approved list. Said list  is very small and doesn't
include vnunet. I have all java and js turned off for internet zone
(ie5.5) as that's only approved in the trusted zone of which vnunet is
not a member.  In other words I have the the same settings for vnunet
with nary a hitch. I'm curious as I've been working on making security
my specialty for almost two years now and I actually go looking for
trouble on the net. i.e. going to sites known to be certified cracker
hangouts etc. 

My production network is a combo of win 2k pro boxes and linux
ws/servers.  I run firewalling numerous layers deep, ids (snort),
another packet sniffer on the win2k boxes, cookie manager, block all
scripting, virus protection on the win2k boxes. I keep IE *real* current
with patches (not that that solves all the problems :)) Also run swatch
on all the linux boxes and keep several terminals open on my one linux
ws with such items running as top and do netstat -tupan etc checks
constantly when looking for the "s**t" :) 

My own experience is very little is happening at the web sites. The most
common thing I've seen (5% maybe) is that visiting certain sites seems
to set off a return scan to my ip (fin/syn alerts being most common).
Where I do see a lot of activity is in crack attempts on my firewall and
when the time and interest allows I go after them to see if they're
innocent background noise etc. Again these largely appear to be just
wide sweeps likely done by some bored computer jock that just discovered
nmap. I've only logged two or three IPs consistently rattling the
doorknobs over the past several months. 

In sum my experience is most of the activity out there (at least in my
cable block) is unfocused, opportunistic type stuff and not serious,
focused hack attempts. By all means please do direct me to certified
sources of nefarious activity.

>Mike, the beta Labrea (*.4) does not do make install, it says so right 
>in the readme. Locate, find, whereis, slocate, etc. really couldn't

I gather I wasn't clear here. I got the impression you couldn't find
where the various package files were on the box. The locate & find will
solve that problem as I trust you're aware from reading the man pages.


Mike Shafer
Pittsburgh, PA, USA

Why can't I just say PLONK!? ;)

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list