Mailing List Archive



Re: [tlug] Script Kiddy Defence Script



>>>>> "Shawn" == Shawn  <bofh@example.com> writes:

    Shawn> On Thu, Jun 09, 2005 at 02:01:55PM +0200, Botond Botyanszki
    Shawn> wrote:

    >> by the time you add the deny rule to the firewall, your sandra
    >> user might be already running a zombie program communicating
    >> with a different host that you block...

    Shawn> Completely agreed. It's not meant to be an overall solution
    Shawn> in and of itself. It's meant to be something that works in
    Shawn> conjunction with other measures.

Right.  I think what everybody in this thread is fundamentally talking
about is reducing the noise in the logs, so that you have a better
chance of detecting a serious attack, and system abnormalities in
general.  (Of course all of the attacks are dangerous, but the
scripted ones are based on the premise that even if you can't fool all
of the people all of the time, fooling one once is enough, so they
don't try as hard as somebody who wants to get into _your_ system.)


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

