
Re: what do you do when you have attempted hacks in your logs



> > I always add the IP to my block list, but that's about it....
  
When do you remove it?

On Thu, 2005-02-24 at 01:02:30 -0500, Jeff Nelson proclaimed...

> That can never hurt. If I see an actual hack attempt, I would do the
> same. However, as you gain confidence in the operating system's ability
> to secure your network, as well as your ability to configure the system
> for your needs, I believe what you now see as a "hack attempt", you will
> merely consider "noise".

It's problematic that people add malicious source addresses to these
blacklists, but then never remove them. How do you know some NAT device
isn't proxying 99% of "good" traffic and that 1% of bad traffic?

Blacklists, IMHO, should be applied carefully and reviewed often. Else large
portions of the Internet can't talk to each other (if you're a large enough
provider).
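
The expiry and review policy argued for above, sketched as an added example that is not part of the original message. The 7-day TTL, the 90% benign-traffic threshold, the function name and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

BLOCK_TTL = timedelta(days=7)   # assumption: drop an entry 7 days after its last offence
SHARED_RATIO = 0.9              # assumption: >= 90% benign traffic hints at a NAT/proxy

# Constructed sample events (documentation addresses): timestamp, source, verdict
EVENTS = (
    [("2005-02-01T03:10:00", "192.0.2.10", "bad")]            # one old probe
    + [("2005-02-23T22:15:00", "198.51.100.7", "bad")] * 3    # recent, only bad traffic
    + [("2005-02-23T09:00:00", "203.0.113.5", "ok")] * 99     # NAT device: 99 good ...
    + [("2005-02-23T09:05:00", "203.0.113.5", "bad")]         # ... and 1 bad request
)

def review_blocklist(events, now, ttl=BLOCK_TTL, shared_ratio=SHARED_RATIO):
    """Classify every address that has at least one bad event.

    Returns {ip: "expire" | "review" | "keep"}:
      expire - last offence is older than ttl, so the entry is removed
      review - mostly benign traffic; blocking likely hits many real users
      keep   - recent offences and no sign of legitimate use
    """
    good, bad, last_bad = Counter(), Counter(), {}
    for stamp, ip, verdict in events:
        when = datetime.fromisoformat(stamp)
        if verdict == "bad":
            bad[ip] += 1
            last_bad[ip] = max(when, last_bad.get(ip, when))
        else:
            good[ip] += 1

    decisions = {}
    for ip, seen in last_bad.items():
        if now - seen > ttl:
            decisions[ip] = "expire"
        elif good[ip] / (good[ip] + bad[ip]) >= shared_ratio:
            decisions[ip] = "review"
        else:
            decisions[ip] = "keep"
    return decisions

if __name__ == "__main__":
    now = datetime(2005, 2, 24, 1, 2, 30)
    for ip, decision in sorted(review_blocklist(EVENTS, now).items()):
        print(f"{ip:15} {decision}")
```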


