[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Need some help on a Attack Alert and a response from the source please...
- Subject: RE: [cobalt-security] Need some help on a Attack Alert and a response from the source please...
- From: "Chuck Lewis" <clewis@xxxxxxxxxx>
- Date: Tue, 10 Feb 2004 15:49:47 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
E.B.> That's definitely the correct thing. Many clueful bandwidth
E.B.> providers put a fair amount of effort into security.
E.B.>
E.B.> I also WOULD NOT run automated reactionary IP blocking unless
E.B.> you _really_ understand what you're doing. They're a great way
E.B.> to shoot yourself in the foot, and frequently accomplish nothing
E.B.> positive.
We do not host a website on this (a Qube 3 - spaced mentioning that) so do I
still need to be concerned about automated IP blocking ?
E.B.> SOCKS proxies often are not properly secured. Perhaps the
E.B.> network had an erroneous proxy configuration, or perhaps they
E.B.> were scanning maliciously. Maybe a machine had been infected and
E.B.> was trojaned.
Guess we will never know.
E.B.> Your effort is best put into maintaining your system(s). We
E.B.> receive thousands of suspicious packets each day. It just isn't
E.B.> worth chasing down 99.99% of them.
E.B.>
E.B.> PayPal/bank/ID phishing is another matter...
Understand and normally I don't. Just happened to on this one and find it
was a "findable" site :-)
Thanks,
Chuck