Re: what do you do when you have attempted hacks in your logs
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: what do you do when you have attempted hacks in your logs
- From: eric <eric-list-openbsd-misc_(_at_)_catastrophe_(_dot_)_net>
- Date: Thu, 24 Feb 2005 01:01:19 -0600
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Organization: Catastrophe.Net <http://www.catastrophe.net/>
> > I always add the IP to my block list, but that's about it....
When do you remove it?
On Thu, 2005-02-24 at 01:02:30 -0500, Jeff Nelson proclaimed...
> That can never hurt. If I see an actual hack attempt, I would do the
> same. However, as you gain confidence in the operating system's ability
> to secure your network, as well as your ability to configure the system
> for your needs, I believe what you now see as a "hack attempt", you will
> merely consider "noise".
It's problematic that people add malicious source addresses to these
blacklists, but then never remove them. How do you know some NAT device
isn't proxying 99% of "good" traffic and that 1% of bad traffic?
Blacklists, IMHO, should be applied carefully and reviewed often. Else large
portions of the Internet can't talk to each other (if you're a large enough
provider).
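
An added example, not part of the original message: one way to act on "applied carefully and reviewed often" is to expire every block-list entry after a quiet period and to flag sources whose traffic is mostly legitimate (the NAT case above) for manual review instead of leaving them blocked. The record layout, the 7-day TTL and the 5% threshold are assumptions, and the addresses are constructed samples from documentation ranges.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Entry:
    ip: str
    last_offense: datetime   # most recent bad event seen from this source
    bad_events: int          # events that triggered or renewed the block
    total_events: int        # every connection logged from this source


def review(entries, now, ttl=timedelta(days=7), shared_ratio=0.05):
    """Sort block-list entries into keep / expire / recheck buckets.

    expire:  no offense within `ttl`, so the block is lifted.
    recheck: recent offense, but bad traffic is a small share of the total,
             which is what a NAT gateway or proxy with one bad client looks like.
    keep:    recent offense and mostly bad traffic.
    """
    result = {"keep": [], "expire": [], "recheck": []}
    for e in entries:
        if now - e.last_offense >= ttl:
            result["expire"].append(e.ip)
        elif e.total_events and e.bad_events / e.total_events <= shared_ratio:
            result["recheck"].append(e.ip)
        else:
            result["keep"].append(e.ip)
    return result


# Constructed sample data (not taken from any real log).
NOW = datetime(2005, 2, 24)
SAMPLE = [
    Entry("192.0.2.10", datetime(2005, 2, 23), bad_events=40, total_events=42),
    Entry("198.51.100.7", datetime(2005, 1, 10), bad_events=3, total_events=3),
    Entry("203.0.113.1", datetime(2005, 2, 22), bad_events=12, total_events=1200),
]

if __name__ == "__main__":
    for bucket, ips in review(SAMPLE, NOW).items():
        print(f"{bucket}: {', '.join(ips) or '-'}")
```
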