Re: what do you do when you have attempted hacks in your logs
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: what do you do when you have attempted hacks in your logs
- From: Jeff Nelson <jnelson_(_at_)_jgndesigns_(_dot_)_com>
- Date: Mon, 28 Feb 2005 22:47:16 -0500
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Thu, Feb 24, 2005 at 01:01:19AM -0600, eric wrote:
> > > I always add the IP to my block list, but that's about it....
> When do you remove it?
Most likely, never. If you are on my blacklist, you really had to work
at it. Hard. Although, I would consider large donations of cash and/or
> On Thu, 2005-02-24 at 01:02:30 -0500, Jeff Nelson proclaimed...
> > That can never hurt. If I see an actual hack attempt, I would do the
> > same. However, as you gain confidence in the operating system's ability
> > to secure your network, as well as your ability to configure the system
> > for your needs, I believe what you now see as a "hack attempt", you will
> > merely consider "noise".
> It's problematic that people add malicious source addresses to these
> blacklists, but then never remove them.
> How do you know some NAT device isn't proxying 99% of "good" traffic
> and that 1% of bad traffic?
I don't know, nor do I care.
> Blacklists, IMHO, should be applied carefully and reviewed often.
Absolutely. That's why I only have 3 IPs in my blacklist.
> Else large portions of the Internet can't talk to each other
> (if you're a large enough provider).
I am not even a "small" provider. An ISP would require a more flexible
On my small network, I know who I want to talk to, and who I do not.
Have a great day!