Hello, folks!

Could anybody run my toolkit https://github.com/FastVPSEestiOu/fastnetmon with collect_attack_pcap_dumps = on option against this attack type?

With pcap dump we could do detailed analysis and share all details with Community.

On Tue, Jul 21, 2015 at 2:16 PM, Jared Mauch <ja...@puck.nether.net> wrote:
>
> I'm reminded of the "the russians are hacking our water system"
> stories from a few years back, when it turned out the water system
> administrator was on vacation in russia.
>
> often traffic comes from unexpected locations. perhaps you
> should fail-closed with good business practices to open things up.
> perhaps you fail-open then mitigate risk by using a blocklist.
>
> my suggestion is that if you didn't live through the days
> of the bogon lists, which were later allocated to RIRs, a block
> list is likely not the right approach if you are truly working on
> security posture.
>
> - Jared
>
> On Mon, Jul 20, 2015 at 09:50:44PM +0100, Colin Johnston wrote:
>> blocking to mitigate risk is a better trade off gaining better percentage
>> legit traffic against an inadvertent minor valid good network range.
>>
>>
>> Sent from my iPhone
>>
>> > On 20 Jul 2015, at 21:20, valdis.kletni...@vt.edu wrote:
>> >
>> > On Mon, 20 Jul 2015 21:12:33 +0100, Colin Johnston said:
>> >> source user to use phone contact and or postal service to establish
>> >> contact
>> >
>> > And your phone and postal addresses are listed *where* that Joe Aussie-Sixpack
>> > is likely to be able to find?
>> >
>> > (Hint 1: If it's on your website, they can't find it.)
>> >
>> > (Hint 2: Mortal users have never heard of WHOIS or similar services)
>> >
>> > And what are the chances that after 3-4 days of unreachable, the user will
>> > simply conclude you've gone out of business and you've lost a customer/reader
>> > to a competitor?
>
> --
> Jared Mauch | pgp key available via finger from ja...@puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.

--
Sincerely yours, Pavel Odintsov