Dynamic IP log retention = 0?

Joe Greco jgreco at ns.sol.net
Fri Mar 13 08:53:35 CDT 2009


> On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco <jgreco at ns.sol.net> wrote:
> > >       Well most port scanning is from compromised boxes.  Once a
> > >       box is compromised it can be used for *any* sort of attack.
> > >       If you really care about security you take reports of ports
> > >       scans seriously.
> >
> > Yeahbut, the real problem is that port scanning is typically used as
> > part of a process to infect _other_ boxes.  If you allow this sort of
> > illness to spread, the patient (that is, the Internet) doesn't get
> > better.
> 
> Port scanning is the Internet equivelant of the common cold. They're a dime
> a dozen.
> 
> I recommend taking some Vitamin B and D. Block, and Drop.

No, it's more comparable to the jerk who not only doesn't stay at home
with his cold, but actively walks around the workplace coughing and
sneezing without covering his mouth/nose with a kleenex, spraying people.

The reality is that it fails the "if everybody did this, would it be a
good thing" test.  While some "B&D" is common sense on the receiving end,
this does not make it any more correct for the originating site to let it 
keep happening.  If every PC on the Internet (conservatively, let's
assume a billion devices that are sufficiently sophisticated that they
could be infected) were to send you a single packet per day, you'd be
seeing over 10,000pps.  That should suggest that the behaviour is not
something to be encouraged.

My locking my doors does not mean it's okay for you to check if my door
is locked.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.




More information about the NANOG mailing list