[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] warning

Subject: Re: [cobalt-security] warning
From: "Chris Bell" <chris@xxxxxxxxxxxxxxx>
Date: Thu, 3 May 2001 01:51:45 +1000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>The people with IP 211.190.0.195 have been trying to hack my raq4 severeal
>days. Has anybody a way to "block all Asia" from
>all kind of conection to our raqs? This becuse we only hold norwegian
sites,
>and therefore I am better of safe than sorry. All of you other admins
should
>allso take a look at this IP.

I was chatting to one of my Chinese linux-guru friends here in Australia
last night and he explained to me that most of the attacks from Korea are
probably coming from China. He was suggesting that Chinese h4x0r5 use korea
as a gateway because it has fatter pipes to the U.S.

So the moral of the story is that you can block all the IPs you want, but as
long as the hacker can still get control of an IP outside that range it
provides a relay point that they can still attack you from. I was reading
recently about old Wingate exploits that do this for you and basically
provide IP-spoofing on demand because once you get in you can go anywhere
and your originating IP isn't logged.

I'm not much of an authority on these issues, but it seems that harm
minimisation rather than control is still the main issue here, just as it is
with a whole lot of other issues that our various governments seek to ignore
: )

now if only i could figure out how to configure this snort business....

cb

Prev by Date: Re: [cobalt-security] Open letter to SUN/Cobalt
Next by Date: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
Previous by thread: [cobalt-security] warning
Next by thread: [cobalt-security] completely off topic

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index