[CLUE-Tech] Brute force attack from host 208.188.115.21
Collins Richey
erichey2 at comcast.net
Thu Aug 5 09:43:40 MDT 2004
On Thu, 05 Aug 2004 10:15:52 -0500
"Glen Newell" <skipworthy at realivetech.com> wrote:
[ snips ]
> > A distributed database that could be
> > automagically added to when one system "inappropriately" touches
> > another system. ...
> > Seems like it would shut down someone probing rather quickly - in
> > effect, a large part of the net would disappear.
> >
>
> disappear is just about the right word...
>
> - 'spam databases' just don't work all that well yet, IMHO...still
> pretty labor intensive and too many 'false positives' and so on...
> - There are *many* IT professionals that use probes/scans for
> legitimate research and troubleshooting. Not to mention scans of one's
> own IP space that could be 'automagically' interpreted as malicious,
> shutting down an entire enterprise backbone. So how do
> you 'automagically' determine what is 'inappropriate touching'??
> Don't get me wrong- I'm definitely in favor of tracking and catching
> the bad guys, but I think any kind of 'automatic' process is going too
> far- it seems impractical and could too easily lead to more harm than
> good.
Yes, 'automated' is a bad thing for some of us. I as a happy comcast (<
attbi <@home) user have suffered from the overzealous application of
automated spam rules to the comcast ip space. There are one or two
services that I can't reach via email because of the automated rules.
Fortunately these services are not important to me, and I can say the
hell with them, but if the use of automated spam rules became more
prevalent, it would be a bad thing.
Similar principles apply for scans. You can't always separate the sheep
from the goats.
--
/\/\
( CR ) Collins Richey
\/\/ fly Independence Air - they run Linux