Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Security Basics
what should I do when.... Jul 04 2008 02:05AM
Jorge L. Vazquez (jlvazquez825 gmail com) (3 replies)
Re: what should I do when.... Jul 08 2008 12:48PM
Adriel Desautels (adriel netragard com) (1 replies)
Re: what should I do when.... Jul 08 2008 03:43PM
lists spider-security net
RE: what should I do when.... Jul 04 2008 11:50PM
Sergio Castro (sergio castro unicin net) (1 replies)
RE: what should I do when.... Jul 07 2008 05:53PM
Rivest, Philippe (PRivest transforce ca) (4 replies)
RE: what should I do when.... Jul 08 2008 12:40PM
Rivest, Philippe (PRivest transforce ca)
Re: what should I do when.... Jul 07 2008 10:24PM
Gregory Boyce (gregory boyce gmail com)
Re: what should I do when.... Jul 07 2008 09:09PM
Adriel Desautels (adriel netragard com) (1 replies)
Re: what should I do when.... Jul 07 2008 11:03PM
Dave Koontz (dkoontz mbc edu)
More to the point.. .the security of your network is YOUR
responsibility. Regardless of your internet gateway or provider...
there is no way an ISP can tweak a one size fits all policy, or even
know every single vulnerability any given customer network may have..
Invest in an IPS or other technology, and make sure all systems are
properly patched at all times.

Adriel Desautels wrote:
> Philippe,
> What you are suggesting is a waste of time. Most buisnessea don't
> have time to call their ISP's every time they get scanned. Accept the
> fact that you will get scanned and react to attacks that matter. Time
> is money don't waste it chasing ghosts.
>
> Regards,
> Adriel T. Desautels
> Mobile: 617-633-3821
> Sent from mobile device.
>
> On Jul 7, 2008, at 12:53 PM, "Rivest, Philippe"
> <PRivest (at) transforce (dot) ca [email concealed]> wrote:
>
>> This is not a good practice.
>> If you just tolerate brute forcing and scanning you are on the wrong
>> track.
>> Imagine if the network usage would double or triple because of these
>> behavior. When will you start to report this to your ISP? When will
>> you start
>> to pressure them that they have clients that need & WANT a secure
>> service
>> (ISP)?
>>
>> As I stated, you should follow your internal procedure, hardened you
>> device
>> after your investigation (&before also..) and contact your ISP.
>>
>> When you have a contract with your ISP you should have a contact for
>> *emergency*. Contact him or normal enterprise service level and have
>> them
>> take a look at the situation.
>>
>> Not doing anything is just accepting that you can be probe and that's
>> not
>> very wise.
>>
>> **Also note that if the guy whos probing you knows nobody ever
>> contacts the
>> ISP for investigation.. do you really think his gonna do nice and
>> limited
>> (rate) scans? His gonna pop everything he has against you to do a full &
>> extensive & complet scan.
>>
>>
>> Merci / Thanks
>> Philippe Rivest, CEH
>> Vérificateur interne en sécurité de l'information
>> Courriel: Privest (at) transforce (dot) ca [email concealed]
>> Téléphone: (514) 331-4417
>> www.transforce.ca
>>
>> Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est
>> long.
>> You could print this email, but it does takes a long time to grow trees.
>>
>>
>> -----Message d'origine-----
>> De : listbounce (at) securityfocus (dot) com [email concealed]
>> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] De la
>> part de Sergio Castro
>> Envoyé : 4 juillet 2008 19:51
>> Ã? : 'Jorge L. Vazquez'; 'security-basics';
>> security-basics-sc.1207759308.halobnafecliebdpegpn-Jlvazquez825=gmail.co
m@sec
>>
>> urityfocus.com; 'security focus listbounce'
>> Objet : RE: what should I do when....
>>
>> Hi Jorge,
>>
>> My recommendation, other than make sure your public IP systems are
>> properly
>> hardened, is to do nothing. Continuous scans and brute force login
>> attempts
>> are the norm on the Internet. For every ISP that pays attention to your
>> complaints, 10 will ignore you.
>>
>> - Sergio
>>
>> -----Mensaje original-----
>> De: listbounce (at) securityfocus (dot) com [email concealed]
>> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] En
>> nombre de Jorge L. Vazquez
>> Enviado el: Jueves, 03 de Julio de 2008 09:05 p.m.
>> Para: security-basics;
>> security-basics-sc.1207759308.halobnafecliebdpegpn-Jlvazquez825=gmail.co
m@se
>>
>> curityfocus.com; security focus listbounce
>> Asunto: what should I do when....
>>
>> for the last 2 days I've been getting lots of connections attempts on my
>> firewall logs(ipcop firewall), from a specific ip based in Canada,
>> the log
>> is showing a
>> *
>> *
>> NEW not SYN?
>>
>> it seems that someone is trying to initiate a connections, or may be
>> a scan.
>> Although the good thing is that the firewall is detecting them therefore
>> stopping them, I'm getting worried of hacker activity, I've already
>> done ip
>> lookup, and dns whois query both of those point to ip and host in
>> Canada it
>> seems to be a company as I got their public website and also private
>> network.....could anyone advice me what's the proper course of
>> actions in
>> this case?....
>>
>> thanks
>> Jorge L. Vazquez
>> www.pctechtips.org
>>
>>
>>
>> __________ NOD32 3243 (20080704) Information __________
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.eset.com
>>
>>

<http://www.mbc.edu/>

[ reply ]
RE: what should I do when.... Jul 07 2008 06:03PM
Sergio Castro (sergio castro unicin net)
RE: what should I do when.... Jul 04 2008 02:42PM
Rivest, Philippe (PRivest transforce ca)







 

Privacy Statement
Copyright 2008, SecurityFocus