[Dshield] RE: Port 135 - fork to edu security
ed.truitt at etee2k.net
Sun Oct 27 11:52:18 GMT 2002
I'll chime in with my $0.02, since bashing the IHEs seems to be becoming the
favorite pastime of IT security types:
I have reported hacktivity to numerous organizations: US-based ISPs,
international ISPs, businesses, non-profits, schools, and IHEs. My
experience is that IHEs (and small ISPs) are among the quickest to respond
to these reports, based on how long it takes between the time I report it
and the time the hacktivity stops.
In my travels, I attend multi-day meetings in different places. Most of the
time, I can pretty well write off access to the Internet - either it doesn't
exist, or you have to have an ID on their internal network to get out. Not
so when I am at an IHE. In fact, during one such meeting, I was allowed to
d/l the latest Red Hat ISOs - from the IHEs own mirror server. I doubt most
corporate network folks would have been so accomodating.
IMNSHO, so long as they do reasonable packet filtering (ingress and egress)
to keep the martian and spoofed-source IP traffic down, and take action
against people / machines on their network doing bad stuff (Nimda / hacking
= bad, running a P2P server <> bad, regardless of what Disney or the RIAA
may think), I don't care if they run a firewall / IDS or not.
As to the lawsuits, "I didn't know the coffee was THAT hot" would work about
as well. I doubt most jurors could even spell 'firewall' or 'IDS', much
less tell you what a "well implemented" one looked like.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "J. Foobar" <jfoobar1 at yahoo.com>
To: <list at dshield.org>
Sent: Saturday, October 26, 2002 4:31 PM
Subject: Re: [Dshield] RE: Port 135 - fork to edu security
> Educational institutions will start doing it when the
> cost of associated lawsuits makes them do it. They
> are the "best cost avoider" themselves, and the "we
> don't have a well-implemented firewall or IDS" from
> the witness stand will someday likely cost them
> millions of dollars.
> We are not quite there yet, but that day is coming.
More information about the list