[Dshield] How representative?

Mrcorp mrcorp at yahoo.com
Tue Mar 25 16:30:36 GMT 2003

I just want to interject here for a second.  The comments about being "Completely secured" are most
interesting.  Security isn't an endpoint.  You never "become" secure.  It's a process that never
ends.  If one could achieve complete security, I would be out of a job.  Additionally, I am
studying the Cable and DSL attacks in great detail now through several honeynets (networks with
several workstations and servers).  The attacks that I am seeing on these networks are the same
that I have seen on many companies that I worked for.

I will post a formal writeup of my findings when complete.


--- Jeff Kell <jeff-kell at utc.edu> wrote:
> Chateauneuf wrote:
> > At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
> > 
> >> Honestly I don't think the average DSL/Cable subscriber gets many actual
> >> "intrusion attempts"...
> >> They do get scanned a lot but most scans don't actually result in an
> >> intrusion attempt.
> > I'm not so sure that I agree. FWIW, I think that the difference between 
> > a port scan and an intrusion attempt is the level of security.
> Precisely.  If your setup is completely secured, you drop the packet 
> without further question.  You might be able to differentiate between a 
> "scan" and an "intrusion attempt" from an ICMP or UDP packet, but for 
> TCP issues, you never allow it to get beyond the initial SYN unless you 
> have a real live server behind it.  You would have to "honeynet" every 
> service to get far enough to detect a TCP-based exploit.
> Jeff
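Added example, not part of the original thread: the quoted point that a sensor which drops the initial SYN cannot tell a scan from an intrusion attempt over TCP, shown with a minimal listener that completes the handshake and records whether the client sent anything. The names `Listener`, `classify` and `demo`, the loopback address and the sample request are constructed for this illustration.

```python
import socket
import threading

def classify(payload: bytes) -> str:
    """Label a completed connection by whether the client sent anything."""
    return "payload" if payload else "connect-only"

class Listener:
    """Completes the TCP handshake, records the first bytes, never replies."""

    def __init__(self, host="127.0.0.1", port=0, wait=0.5):
        self.wait = wait          # seconds to wait for the client's first bytes
        self.events = []          # (source IP, label, first 64 bytes)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))   # port 0: the OS picks a free port
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]

    def serve(self, count):
        """Handle `count` connections one at a time, then close."""
        for _ in range(count):
            conn, peer = self.sock.accept()
            with conn:
                conn.settimeout(self.wait)
                try:
                    data = conn.recv(512)
                except OSError:        # timeout or reset: nothing was sent
                    data = b""
            self.events.append((peer[0], classify(data), data[:64]))
        self.sock.close()

def demo():
    """Drive the listener with two constructed local clients."""
    listener = Listener()
    worker = threading.Thread(target=listener.serve, args=(2,))
    worker.start()
    # Client 1: full connect, then close without sending (connect scan shape).
    socket.create_connection(("127.0.0.1", listener.port)).close()
    # Client 2: connect and send a constructed request line.
    with socket.create_connection(("127.0.0.1", listener.port)) as c:
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")
    worker.join()
    return listener.events

if __name__ == "__main__":
    for event in demo():
        print(event)
```

A filter that drops the SYN would log both clients identically, as one source address and one destination port; only the listener's record separates them.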