[OT-mask]

Robert Brockway rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Thu Feb 26 16:38:41 UTC 2004


On Wed, 25 Feb 2004, Gregory D Hough wrote:

> OT banter follows...stop here if'n you have more important things to
> do.

I did but I read ahead anyway :)

> WAN fact. As a farmer though, it is my duty to protect my herd, not
> only from rustlers but from themselves as well. A wise rancher removes
> the potentially dangerous horns from his beasts that they not injure
> each other. It is also prudent to have a secure perimeter to keep the

Back in my home country we make extensive use of the electric fence.  Not
harmful to people or animals but gives enough of a jolt for both to stay
away.  A quick tip: If you want to see if a fence is electrified (it
should have a sign nearby) touch it with the back of your hand not the
palm of your hand.  Better yet, don't touch it at all :)

> beasts in good pasture as they graze and chew their cud (read browse,
> blog and eat cookies). Maybe a little squid in the rudiment would help.

I think a squid would look funny in a field :)

> What concerns me are not the random scans and probes for open ports
> running common services. I am worried about the coordinated
> "enumeration profiling"...for lack of a better term...directed at my

IMHO there has been a distinct reduction in human initiated attacks in
recent years.  Automated attacks are very common, but not very effective,
they look only for specific vulnerabilities.  I'm not sure why this
reduction has occurred, maybe because penalties are now being applied to
those caught breaking into systems.

> address. I am not referring to any "afterglow" experienced for a short
> time after receiving a new dynamically assigned address. I am talking
> about specific traffic from a dozen or so creeps or perhaps one creep
> using a dozen or so IP's. I assume the creep(s) will not go away
> anytime soon, so I'm forced into doing more homework.

A concerted attack against you is unlikely unless the baddies believe you
have something they really want.

My suggestions:

Build & _maintain_ a good firewall.  Only allow the traffic in that you
need to allow in.  Block the rest[1].  Keep your system security patched.
Keep an eye out on security advisories, monitor your firewall logs and
consider running something like snort if appropriate.  If you do these
things you are far better off than 99.99% of all Internet users.

[1] Be careful to allow needed ICMP types through.

Cheers,
	Rob

-- 
Robert Brockway
Senior Technical Consultant, OpenTrend Solutions Ltd.
Phone: 416-669-3073, Email: rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org, http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
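
An added example, not part of the original post: one way to act on the "monitor your firewall logs" advice and separate one-off automated sweeps from the handful of recurring addresses the quoted message worries about. It assumes dropped packets are logged by the netfilter LOG target to syslog; the "FW-DROP" prefix, the hostname and all addresses are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample: syslog lines in the netfilter LOG target's key=value
# layout. "FW-DROP" is a hypothetical --log-prefix; addresses are RFC 5737.
SAMPLE_LOG = """\
Feb 23 03:11:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=22
Feb 23 09:40:17 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Feb 24 01:02:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=1050 DPT=135
Feb 24 01:02:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=1051 DPT=139
Feb 24 01:02:04 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=1052 DPT=445
Feb 24 14:20:55 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40977 DPT=80
Feb 25 02:00:00 gw kernel: eth0: link up
Feb 25 22:31:40 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=41503 DPT=443
Feb 25 23:05:09 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=2201 DPT=22
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) .*?\bSRC=(?P<src>\S+) .*?\bPROTO=(?P<proto>\w+)"
    r"(?:.*?\bDPT=(?P<dpt>\d+))?"
)

def summarize(log_text):
    """Per source address: hit count, distinct days seen, distinct targets."""
    stats = defaultdict(lambda: {"hits": 0, "days": set(), "targets": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall LOG line (e.g. other kernel messages)
        entry = stats[m["src"]]
        entry["hits"] += 1
        # Normalise "Feb  3" and "Feb 3" to the same day key.
        entry["days"].add(" ".join(m["day"].split()))
        # ICMP has no destination port; record the protocol alone.
        entry["targets"].add(f'{m["proto"]}/{m["dpt"]}' if m["dpt"] else m["proto"])
    return dict(stats)

def persistent_sources(log_text, min_days=2):
    """Sources that come back on at least min_days distinct days."""
    return sorted(s for s, e in summarize(log_text).items() if len(e["days"]) >= min_days)

if __name__ == "__main__":
    for src in persistent_sources(SAMPLE_LOG):
        print(src, summarize(SAMPLE_LOG)[src])
```

Syslog timestamps carry no year, so the day keys are only meaningful within one log rotation period.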




