[Dshield] How representative?
haled at pionet.net
Tue Mar 25 18:09:39 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Well said. Education is the key.
- -----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Chateauneuf
Sent: Tuesday, March 25, 2003 11:30 AM
To: General DShield Discussion List
Subject: Re: [Dshield] How representative?
At 10:18 AM 3/25/2003 -0500, Jeff Kell authored the following:
>Precisely. If your setup is completely secured, you drop the packet
>without further question. You might be able to differentiate between a
>"scan" and an "intrusion attempt" from an ICMP or UDP packet, but for TCP
>issues, you never allow it to get beyond the initial SYN unless you have a
>real live server behind it. You would have to "honeynet" every service to
>get far enough to detect a TCP-based exploit.
There are 36 Million AOL subscribers. I suspect that a majority wouldn't
know an ICMP packet from chopped liver. With the growing proliferation of
always-on connections, it's really scary when you think of all the
potentially compromised machines of people who haven't the slightest clue
that they are distributing porn, spam or warez.
I have said this before. I think that DShield has a greater potential to
reduce spam and piracy than all the block lists combined.
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
-----END PGP SIGNATURE-----
More information about the list