Mailinglist Archive: opensuse-security (670 mails)
Re: [suse-security] Excotic Firewall Police
- From: Boris Lorenz <bolo@xxxxxxx>
- Date: Mon, 26 Nov 2001 14:52:57 +0100 (CET)
- Message-id: <XFMail.011126145257.bolo@xxxxxxx>
Hi,
On 26-Nov-01 Thomas Michael Wanka wrote:
> Hi,
>
> On 26 Nov 2001, at 13:40, Boris Lorenz wrote:
>> Oh, and I think Ralf Koch is quite right. Although it often helps to
>> broaden your understanding of anti-cracker skills by setting up
>> honeypots or active/passive retaliation systems (if your time allows),
>> such techniques are of minor use in reality, and may cause problems if
>> configured incorrectly.
>>
>> Don't attack the attacker. Don't descend to their level.
>
> I still get CodeRed/Nimda scans from about 10 different IP addresses
> a day. How about sending complaints along with the excerpts of the
> logfiles to the police and prosecuting authorities? At least in
> Europe, if nothing else, if enough people did that, it would show
> them how much work the cybercrime act would mean for them! Not that I
> think it would change much.
The tools section of securityfocus.com contains a small utility called
"codeblue" to scan your Apache logs for CodeRed I+II/Nimda attacks, and send
mails to the admins of the (probably infected) hosts. This may not be the
end-all and be-all of solutions, but it's a start.
It's not a good idea to transfer the logs to certain authorities without at least
giving some quick preliminary information to the admin(s) of the responsible hosts.
While there's a remote possibility to catch a downright evil attacker, chances
are good to cause unwanted legal trouble by stirring up federal action against
possibly innocent ppl.
> mike
PS.: IMO, the EU cybercrime treaty simply is a joke, made up by lawyers,
CEOs and heads of the software industries' big cheeses to install and maintain
patterns of sueability. While this may help to give flocks of unemployed
solicitors a job, it's of little to no use for the security community as a
whole.
Just my $0.02 (that's roughly 0.02278 Euros ;) )
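As an added illustration of the kind of log scan the "codeblue" utility mentioned above performs (this is example code written for this archive page, not the codeblue tool itself or anything from the list post), the script below parses Apache combined-format log lines, matches the request-path signatures CodeRed and Nimda leave behind, aggregates hits per source IP and drafts the kind of preliminary notice to the host's admin that the post recommends sending before involving anyone else. The log lines, IP addresses and signature set are constructed for the example.

```python
import re
from collections import defaultdict

# Apache common/combined log line: "%h %l %u %t \"%r\" %>s %b ..." (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Request-line signatures the worms leave in web server logs:
# CodeRed hits /default.ida with a long filler string; Nimda probes for
# root.exe / cmd.exe with "?/c+dir" through various traversal paths.
SIGNATURES = {
    "CodeRed": re.compile(r"^GET /default\.ida\?", re.I),
    "Nimda": re.compile(r"(root\.exe|cmd\.exe)\?/c\+dir", re.I),
}

# Constructed sample log (not real traffic); 192.0.2.5 is a normal visitor.
SAMPLE_LOG = """\
10.0.0.7 - - [26/Nov/2001:10:01:12 +0100] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 279
10.0.0.7 - - [26/Nov/2001:10:01:13 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 294
10.0.0.9 - - [26/Nov/2001:10:02:40 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
10.0.0.9 - - [26/Nov/2001:10:02:41 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
192.0.2.5 - - [26/Nov/2001:10:03:00 +0100] "GET /index.html HTTP/1.1" 200 1532
""".splitlines()


def classify(line):
    """Return (source_ip, worm_name) for a worm probe line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or non-Apache line: ignore, never crash the scan
    for name, sig in SIGNATURES.items():
        if sig.search(m.group("req")):
            return m.group("ip"), name
    return None


def scan(lines):
    """Aggregate worm probes per source IP: {ip: {worm_name: count}}."""
    report = defaultdict(lambda: defaultdict(int))
    for line in lines:
        hit = classify(line)
        if hit:
            ip, name = hit
            report[ip][name] += 1
    return {ip: dict(counts) for ip, counts in report.items()}


def notification_draft(ip, counts):
    """Plain-text preliminary notice for the admin of the (probably infected) host."""
    total = sum(counts.values())
    worms = ", ".join(f"{n} x{c}" for n, c in sorted(counts.items()))
    return (f"Host {ip} sent {total} worm probe(s) to this server: {worms}. "
            f"It is probably infected; please check it.")


if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(notification_draft(ip, counts))
```

The per-IP summary is meant for a human to review and forward to the host's admin; a scanning address may sit behind NAT or a proxy, so the count alone does not identify the infected machine.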