[Dshield] RE: Port 135 - fork to edu security

Ed Truitt ed.truitt at etee2k.net
Sun Oct 27 11:52:18 GMT 2002

I'll chime in with my $0.02, since bashing the IHEs seems to be becoming the
favorite pastime of IT security types:

I have reported hacktivity to numerous organizations:  US-based ISPs,
international ISPs, businesses, non-profits, schools, and IHEs.  My
experience is that IHEs (and small ISPs) are among the quickest to respond
to these reports, based on how long it takes between the time I report it
and the time the hacktivity stops.

In my travels, I attend multi-day meetings in different places.  Most of the
time, I can pretty well write off access to the Internet - either it doesn't
exist, or you have to have an ID on their internal network to get out.  Not
so when I am at an IHE.  In fact, during one such meeting, I was allowed to
d/l the latest Red Hat ISOs - from the IHE's own mirror server.  I doubt most
corporate network folks would have been so accommodating.

IMNSHO, so long as they do reasonable packet filtering (ingress and egress)
to keep the martian and spoofed-source IP traffic down, and take action
against people / machines on their network doing bad stuff (Nimda / hacking
= bad, running a P2P server <> bad, regardless of what Disney or the RIAA
may think), I don't care if they run a firewall / IDS or not.

As to the lawsuits, "I didn't know the coffee was THAT hot" would work about
as well.  I doubt most jurors could even spell 'firewall' or 'IDS', much
less tell you what a "well implemented" one looked like.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "J. Foobar" <jfoobar1 at yahoo.com>
To: <list at dshield.org>
Sent: Saturday, October 26, 2002 4:31 PM
Subject: Re: [Dshield] RE: Port 135 - fork to edu security

> Educational institutions will start doing it when the
> cost of associated lawsuits makes them do it.  They
> are the "best cost avoider" themselves, and the "we
> don't have a well-implemented firewall or IDS" from
> the witness stand will someday likely cost them
> millions of dollars.
> We are not quite there yet, but that day is coming.
