[SGVLUG] Who is that knocking on my ports?
Alan Horn
ahorn at deorth.org
Tue Jan 13 13:20:06 PST 2009
>> It's completely not worth it. Just drop them with blocksshd
>> or something
>> similar. These botnet attacks are so numerous and distributed
>> that the
>> best course right now is just to ignore them and drop the
>> packets on the
>> floor. It's a personal choice of course.
>
> Yes, I realize that -- unfortunately, it has been the complacancy of "it
> is easier to ignore than to fix" that got us to the point where "the
> attacks are so numerous and distributed" that we can't possibly cope
> with it anymore.
To me its never really been a concern. Like I say, it's a personal
choice. It's not worth my time, maybe you think its worth yours and more
power to you. :)
>
> To be honest, the "attack" rate for my system is really low -- low
> enough that taking any action at all [including starting this discussion
> on the list] could easily be seen as a waste of effort [though the
> tarpit might have merit...] but I imagine this problem is far worse for
> anyone with a much more "visible" target system.
It is, I get several thousand probes a day in certain places, but they're
very definitely automated and the bandwidth they take is low enough that
it doesn't affect my billing.
> internet isn't exactly the 210 -- there CAN be enough 'cops' to deal
> with each and every "speeder" (or, perhaps more accurately, every other
> driver on the road would have the ability to arrest the speeders) --
> though I suppose that's already true in a way - every driver on the road
> [with a cell phone] /could/ call the highway patrol, it is just easier
> (from the their point of view) to "ignore it" and/or presume "someone
> else will deal with the problem"...
>
>
First you have to see it as a problem. I've never been one for chasing
down kids. :)
Cheers,
Al
More information about the SGVLUG
mailing list