[Dshield] How representative?

Deb Hale haled at pionet.net
Tue Mar 25 18:09:39 GMT 2003

Hash: SHA1

Well said. Education is the key.


- -----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Chateauneuf
Sent: Tuesday, March 25, 2003 11:30 AM
To: General DShield Discussion List
Subject: Re: [Dshield] How representative?

At 10:18 AM 3/25/2003 -0500, Jeff Kell authored the following:

>Precisely.  If your setup is completely secured, you drop the packet
>without further question.  You might be able to differentiate between a 
>"scan" and an "intrusion attempt" from an ICMP or UDP packet, but for TCP 
>issues, you never allow it to get beyond the initial SYN unless you have a 
>real live server behind it.  You would have to "honeynet" every service to 
>get far enough to detect a TCP-based exploit.

Well put.

There are 36 Million AOL subscribers. I suspect that a majority wouldn't 
know an ICMP packet from chopped liver. With the growing proliferation of 
always-on connections, it's really scary when you think of all the 
potentially compromised machines of people who haven't the slightest clue 
that they are distributing porn, spam or warez.

I have said this before. I think that DShield has a greater potential to 
reduce spam and piracy than all the block lists combined. 

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Version: PGP 8.0


More information about the list mailing list