[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] PortSentry works !

Subject: Re: [cobalt-users] PortSentry works !
From: "Nico Meijer" <cobalt-users@xxxxxxxxxxxxxxx>
Date: Tue Mar 20 10:34:18 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi Clark,

Wow, the lag has become *way* bigger than 24h...

> Alas, only too true. That's very funny.

You should keep a light heart on the matter, imho. Otherwise, you're going
nuts in a matter of seconds. :-)

> This is opinion of course;

Yes, it's definitely opinion type material. I'm eager to see which legal
implications honeypots will have.

> but I should think that if you said "there's an
> entry
> in my logfile to the effect that so and so scaned port 111 repeatedly"
> rather
> than "so and so hacked me" you'd be on safe legal ground and leave the
> decision
> to the subscriber.

I agree. If it's a "this happened to me and it's here for your education"
type of list, I don't see a problem.

*But* (there's always one creeping 'round the corner ;->)... I'd rather see
a thorough discussion on firewalls and their respective rules, but that's
personal of course. I'll check the archives very soon, it's prolly been done
before.

> I indiscriminately consign port scanning ips into oblivion. There's plenty
> of
> business out there.

I have one major rule: you can't do anything, *except* yadda-yadda-yadda.
Configure ipchains the right way and bam, you're off. Certain ports I log,
but mostly, I don't care. If it's closed, it's closed.

This means this pimple faced kiddie can still view my business, but can't
necessarily wreck it. <knock on wood>

Put in another way: I had a good friend of mine work for me part time. He
knew all the bad stuff regarding Linux that was out there, had flooded
entire networks, 'borrowed' MAC-addresses to see which type of stuff a
particular cable user was viewing, and so forth. He was almost invaluable to
my security awareness! I was of great value to him, because I knew how to
configure apache, etc., so I could teach him the 'business side' of Linux.

This what I meant in my original reply.

> Actually, I just meant that there were people better suited than myself
> to securing such an obvious target.

I know, I just couldn't resist. ;-)

> Why not? If it's insecure, it's insecure. And if it really is plain old
> intellectual curiosity that's motivating you, drop me a line and say so.
> I'll work with any demonstrably well intentioned "friends" to mutually
shore
> ourselves up against these little pricks.

Indeed. I believe no one person/company has the exclusive "I'm right" on
anything. I've always seen that cooperation (even with newbies, they can ask
the 'dumbest' questions so you can make stuff idiot proof - absolutely no
disrespect towards anybody here on my part, I'm dead serious) yields the
best results.

Plus, it can save you loads of time researching.

So, perhaps an off list scan consortium?

Have a good one... Nico

Follow-Ups:
- Re: [cobalt-users] PortSentry works !
  - From: flash22
- RE: [cobalt-users] PortSentry works !
  - From: Rodolfo Paiz

References:
- RE: [cobalt-users] PortSentry works !
  - From: Clark E. Morgan

Prev by Date: Re: [cobalt-users] RAQ3 - disabling cgiwrap on a virtual domain
Next by Date: [cobalt-users] Re-Directing users on a 404 error
Previous by thread: RE: [cobalt-users] PortSentry works !
Next by thread: Re: [cobalt-users] PortSentry works !

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index