[Dshield] How representative?
haled at pionet.net
Tue Mar 25 16:48:05 GMT 2003
I would be very interested in seeing the findings. I have a cable connection at my office and a wireless connection at my house. I am seeing basically the same things that my business customers are seeing. And I agree with you that there is no such thing as being "completely secure". New exploits happen on a regular basis. How do you secure against the unknown?
-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Mrcorp
Sent: Tuesday, March 25, 2003 10:31 AM
To: General DShield Discussion List
Subject: Re: [Dshield] How representative?
I just want to interject here for a second. The comments about being "Completely secured" are most interesting. Security isn't an endpoint. You never "become" secure. It's a process that never ends. If one could achieve complete security, I would be out of a job. Additionally, I am studying the Cable and DSL attacks in great detail now through several honeynets (networks with several workstations and servers). The attacks that I am seeing on these networks are the same that I have seen on many companies that I worked for.
I will post a formal writeup of my findings when complete.
--- Jeff Kell <jeff-kell at utc.edu> wrote:
> Chateauneuf wrote:
> > At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
> >> Honestly I don't think the average DSL/Cable subscriber gets many
> >> actual "intrusion attempts"... They do get scanned a lot but most
> >> scans don't actually result in an intrusion attempt.
> > I'm not so sure that I agree. FWIW, I think that the difference
> > between a port scan and an intrusion attempt is the level of security.
> Precisely. If your setup is completely secured, you drop the packet
> without further question. You might be able to differentiate between a
> "scan" and an "intrusion attempt" from an ICMP or UDP packet, but for
> TCP issues, you never allow it to get beyond the initial SYN unless you
> have a real live server behind it. You would have to "honeynet" every
> service to get far enough to detect a TCP-based exploit.