[SGVLUG] Who is that knocking on my ports?

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Tue Jan 13 11:30:29 PST 2009


> -----Original Message----- Of Alan Horn
> [I wrote]
> >   3) generate, in real time, an e-mail report of the breakin attempt
> > -- one e-mail per attempt :)
> >
> > Yes, I intend to "spam" the ISP about what their user(s) are doing.
> 
> It's completely not worth it. Just drop them with blocksshd or something
> similar. These botnet attacks are so numerous and distributed that the
> best course right now is just to ignore them and drop the packets on the
> floor. It's a personal choice of course.

Yes, I realize that -- unfortunately, it has been the complacency of "it
is easier to ignore than to fix" that got us to the point where "the
attacks are so numerous and distributed" that we can't possibly cope
with it anymore.

To be honest, the "attack" rate for my system is really low -- low
enough that taking any action at all [including starting this discussion
on the list] could easily be seen as a waste of effort [though the
tarpit might have merit...]  but I imagine this problem is far worse for
anyone with a much more "visible" target system.

I suppose it is sorta like speeding on the freeway -- technically, it's
illegal, but the chances of getting caught are very slim -- in a sense,
the "speeders are so numerous and distributed" that the cops simply let
it happen

--HOWEVER-- the cops do, on occasion, stop someone for speeding
(presumably the "worst" offender in a local space/time sense) and those
that see it happening think twice [and then speed up more because they
know the local authority is "tied up at the moment"] however the
internet isn't exactly the 210 -- there CAN be enough 'cops' to deal
with each and every "speeder" (or, perhaps more accurately, every other
driver on the road would have the ability to arrest the speeders) --
though I suppose that's already true in a way - every driver on the road
[with a cell phone] /could/ call the highway patrol, it is just easier
(from their point of view) to "ignore it" and/or presume "someone
else will deal with the problem"...
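The two options argued over in this thread (per-attempt abuse reports to the ISP versus a blocksshd-style threshold block that just drops the source) both start from the same thing: counting failed sshd logins per source address in the auth log. The script below is an added illustration, not code from either poster or from blocksshd. It parses a handful of constructed auth.log lines (TEST-NET addresses), lists sources that cross a failure threshold the way a blocker would, drafts the plain-text summary one would put in an abuse report, and emits firewall rule strings; the nftables table and set names it uses are assumed and would have to exist on the host.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt (not from the list post). Addresses
# are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 13 10:01:02 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Jan 13 10:01:05 host sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 51010 ssh2
Jan 13 10:01:09 host sshd[2215]: Failed password for root from 203.0.113.7 port 51021 ssh2
Jan 13 10:01:11 host sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Jan 13 10:02:40 host sshd[2230]: Failed password for tom from 198.51.100.23 port 40001 ssh2
Jan 13 10:02:55 host sshd[2231]: Accepted publickey for tom from 198.51.100.23 port 40002 ssh2
Jan 13 10:03:10 host sshd[2240]: Failed password for invalid user guest from 192.0.2.99 port 33333 ssh2
"""

# Matches the classic OpenSSH "Failed password" syslog line, with or without
# the "invalid user" prefix that sshd adds for nonexistent accounts.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text):
    """Return (timestamp, username, source_ip) for every failed-password line."""
    found = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            found.append((m.group("ts"), m.group("user"), m.group("ip")))
    return found


def offenders(log_text, threshold=3):
    """Sources with at least `threshold` failures, busiest first.

    This is the decision a blocksshd-style tool makes; a single typo from a
    legitimate user (198.51.100.23 above) stays under the threshold.
    """
    counts = Counter(ip for _, _, ip in parse_failures(log_text))
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def report_for(ip, log_text, hostname="myhost.example"):
    """Plain-text abuse-report body for one source (hostname is a placeholder)."""
    events = [e for e in parse_failures(log_text) if e[2] == ip]
    if not events:
        return f"No failed SSH logins recorded from {ip}."
    users = sorted({u for _, u, _ in events})
    first, last = events[0][0], events[-1][0]
    lines = [
        f"Subject: SSH brute-force attempts from {ip} against {hostname}",
        "",
        f"{len(events)} failed SSH logins from {ip} between {first} and {last} (host clock).",
        "Usernames tried: " + ", ".join(users),
        "",
        "Log excerpt:",
    ]
    lines += [f"  {ts}  {u} from {ip}" for ts, u, _ in events]
    return "\n".join(lines)


def nft_drop_rules(ips, table="inet filter", set_name="sshblock"):
    """nftables commands adding each source to a drop set.

    The table and set names are assumptions; the set must already be
    declared (e.g. a set of type ipv4_addr referenced by a drop rule).
    """
    return [f"nft add element {table} {set_name} {{ {ip} }}" for ip in ips]


if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG)
    for ip, n in bad:
        print(f"{ip}: {n} failures")
        print(report_for(ip, SAMPLE_LOG))
        print()
    for cmd in nft_drop_rules(ip for ip, _ in bad):
        print(cmd)
```

Run as-is it reports the one source that tried four usernames in under ten seconds and leaves the user who mistyped once and then logged in with a key alone; the threshold and the time window (not implemented here, the sample spans only a few minutes) are the knobs that separate a blocker from a nuisance.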
