Mailinglist Archive: opensuse-security (670 mails)
Re[2]: [suse-security] Excotic Firewall Police
- From: Ralf Koch <info@xxxxxxxxxx>
- Date: Mon, 26 Nov 2001 13:20:41 +0100
- Message-id: <PM-DB.20011126132041.423FE.3.1D@xxxxxxxxxxxxx>
Hi Mike,

why send this to the police etc.? (btw: German police don't really care
about this). Think of what may happen: Authorities care about your mail
and begin to track down the possible attacker, who - in most cases of
Code<insert color/> and Nimda - doesn't know anything about running a system
scanning other servers. There's only a minimum chance to track down a
real attacker, but a maximum to hurt a security newbie etc.

I've seen private web surfers running Win2k advanced server on their
desktop computer, connected via dialup to the internet.
In a standard installation both the IIS and the indexing server are running,
afaik. They neither know what an IIS is, nor care about an indexing
server.

If you feel you should do something, try to contact the sysadmin and give
him a hint what he (his computer) is doing and that security is
something everybody should think of if connected to the internet.

I agree with your last statement: That won't change much. But if one out of
ten starts to think differently about what he's doing and what he's
"providing" for possible attackers, I think that's worth it!

Cheers,
Ralf

>Hi,
>
>On 26 Nov 2001, at 13:40, Boris Lorenz wrote:
>> Oh, and I think Ralf Koch is quite right. Although it often helps to
>> broaden your understanding of anti-cracker skills by setting up
>> honeypots or active/passive retaliation systems (if your time allows),
>> such techniques are of minor use in reality, and may cause problems if
>> configured incorrectly.
>>
>> Don't attack the attacker. Don't descend to their level.
>
>I still get CodeRed/Nimda scans from about 10 different IP addresses
>a day. How about sending complaints along with the excerpts of the
>logfiles to the police and prosecuting authorities? At least in
>Europe, if nothing else, if enough people did that, it would show
>them how much work the cybercrime act would mean for them! Not that I
>think it would change much.
>
>mike