[Dshield] How representative?
mrcorp at yahoo.com
Tue Mar 25 16:30:36 GMT 2003
I just want to interject here for a second. The comments about being "Completely secured" are most
interesting. Security isn't an endpoint. You never "become" secure. It's a process that never
ends. If one could achieve complete security, I would be out of a job. Additionally, I am
studying the Cable and DSL attacks in great detail now through several honeynets (networks with
several workstations and servers). The attacks that I am seeing on these networks are the same
that I have seen on many companies that I worked for.
I will post a formal writeup of my findings when complete.
--- Jeff Kell <jeff-kell at utc.edu> wrote:
> Chateauneuf wrote:
> > At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
> >> Honestly I don't think the average DSL/Cable subscriber gets many actual
> >> "intrusion attempts"...
> >> They do get scanned a lot but most scans don't actually result in an
> >> intrusion attempt.
> > I'm not so sure that I agree. FWIW, I think that the difference between
> > a port scan and an intrusion attempt is the level of security.
> Precisely. If your setup is completely secured, you drop the packet
> without further question. You might be able to differentiate between a
> "scan" and an "intrusion attempt" from an ICMP or UDP packet, but for
> TCP issues, you never allow it to get beyond the initial SYN unless you
> have a real live server behind it. You would have to "honeynet" every
> service to get far enough to detect a TCP-based exploit.