A modest proposal

Robert E. Seastrom rs at bifrost.seastrom.com
Tue Sep 17 22:51:48 UTC 1996


   From: Allan Chong <allan at bellsouth.net>

   Tracking down hacked machines would be quicker.  Sometimes you might
   be able to track back to the source where you could pull the ANI
   or caller ID information out of the RADIUS accounting logs and have
   someone knocking on their door.  You only have to do this for 1 in 10
   attacks before rumors spread around the hacker community and it stops.

This discussion of securing dialup servers is pointless.  I guarantee
you that the 2000 packet/second SYN attacks we've been seeing are
coming from a compromised host on a high speed connection and not from
someone's 28.8k dialup connection.  The hackers just take over a
machine, use it to launch their attacks, and disappear into the jungle
if we manage to find the particular machine they're using tonight.

Harden your servers, filter on all non-transit ports on your routers,
but let's let the how-to-do-filtering-on-terminal-servers discussion
die, OK?

                                        ---Rob






