-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Wed, Jan 17, 2001 at 03:09:31PM +1000,
William Bartholomew ([EMAIL PROTECTED])
a écrit:
> Just a couple of general questions:
>
> a) How often can a SMALL company expect to be attacked (ie
> DENIED packets etc?
>
Hi,
some attacks are be provided by scripts they are pinging a class of ip in way
to see if they are alive. But, say me, that is not an attack. For my own
experience, I see just one who could be acharnous (say that?) and attempts my
telnetd deamon. In major case, attacks are provided by persons without
experience, for game or try a new tool, or showing theyre friend what kind of
hacking can they do to impress.
> b) If attacks are regular, and often from the same people, what
> action should you take? What if it is a variety of people, apart from
> your firewall how else can you protect yourself?
A part of thoses attacks are friendly made with technicians with great
experience. If they found a open source on the web or whois, they can phone to
your compagny, grab some informations and intrude your system. In this case,
you must observe him and no touch anything. just connect him on a blackholder
machine without importants informations, like a chroot apache. And be careful
with floppys in your 'warroom' inserted by «vip» to show you theyr products.
I think that is not a problem for little compagny to mount it's system with
care. Just disablying not necessary services.
Rest of attacks are, to my eyes, just to know what is installed in way to apply
the last CERT exploit working with appropriate tool. that provided by dangerous
persons to not informate what other kind of attack could be possible. So, no
reply is the best solution. just reply by cutting connection for a moment and
use an other network since script operating. And so, tripwire your system while
this attacks are made on your other crash-test guard screen.
Be careful with mailing system between inside bad guy and outside ware compagny
because if a false compagny interrest your system, all of parameters are
included by handshakes from mail servers connections. Use a specially ring to
provide internet in your compagny. A secure and other line, with dhcp in a
10.0.0.0/class and which be managed by other sure compagny (for insurance and
lawers:)
hope to help you,
have fun.
gilles
- --
Trois choses insupportables :
le café brûlant, le champagne tiède, et les femmes froides.
Orson Welles
- --- gpg key:http://bermudos.free.fr/.key/pubring.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: Pour information voir http://www.gnupg.org
iEYEARECAAYFAjpl18cACgkQ79KAEZQ0U5503gCdFQjVV1P0QUAbMRkivkJ1cpHw
83IAn2uU/ibff62d1dVsoVk9ZyEyrO4W
=ZUTu
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
