[Dshield] How representative?

Deb Hale haled at pionet.net
Tue Mar 25 16:48:05 GMT 2003


 
I would be very interested in seeing the findings.  I have a cable connection at my office and a wireless connection at my house.  I am seeing basically the same things that my business customers are seeing.  And I agree with you that there is no such thing as being "completely secure".  New exploits happen on a regular basis.  How do you secure against the unknown?


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Mrcorp
Sent: Tuesday, March 25, 2003 10:31 AM
To: General DShield Discussion List
Subject: Re: [Dshield] How representative?


I just want to interject here for a second.  The comments about being "Completely secured" are most interesting.  Security isn't an endpoint.  You never "become" secure.  It's a process that never ends.  If one could achieve complete security, I would be out of a job.  Additionally, I am studying the Cable and DSL attacks in great detail now through several honeynets (networks with several workstations and servers).  The attacks that I am seeing on these networks are the same that I have seen on many companies that I worked for.

I will post a formal writeup of my findings when complete.

Mrcorp

--- Jeff Kell <jeff-kell at utc.edu> wrote:
> Chateauneuf wrote:
> > At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
> > 
> >> Honestly I don't think the average DSL/Cable subscriber gets many 
> >> actual "intrusion attempts"... They do get scanned a lot but most 
> >> scans don't actually result in an intrusion attempt.
> 
> > I'm not so sure that I agree. FWIW, I think that the difference between
> > a port scan and an intrusion attempt is the level of security.
> 
> Precisely.  If your setup is completely secured, you drop the packet
> without further question.  You might be able to differentiate between a 
> "scan" and an "intrusion attempt" from an ICMP or UDP packet, but for 
> TCP issues, you never allow it to get beyond the initial SYN unless you 
> have a real live server behind it.  You would have to "honeynet" every 
> service to get far enough to detect a TCP-based exploit.
> 
> Jeff
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list







