From owner-freebsd-security Wed Apr 25 20:18:56 2001 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 1B4D637B424 for ; Wed, 25 Apr 2001 20:18:53 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id XAA16168; Wed, 25 Apr 2001 23:18:47 -0400 (EDT) (envelope-from wollman) Date: Wed, 25 Apr 2001 23:18:47 -0400 (EDT) From: Garrett Wollman Message-Id: <200104260318.XAA16168@khavrinen.lcs.mit.edu> To: Michael Scheidell Cc: freebsd-security@FreeBSD.ORG Subject: Re: Connection attempts (& active ids) In-Reply-To: <200104260303.f3Q33CK49974@caerulus.cerintha.com> References: <200104260303.f3Q33CK49974@caerulus.cerintha.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > If I don't know they are trying, they WILL get in. If you don't make it worth their while, they will move on to a more tempting target. There are enough unpatched DeadRat 7.0 machines in the world to occupy their time for quite a while. My network has a thousand machines on it, of which about ten are somewhat under my personal control. I could spend all my time every day responding to IDS alerts, port scans, address scans, and such like, or I could put real effort into ensuring that the mission-critical systems I am responsible for are managed properly and securely -- not to mention educating the people who manage the others about doing the same. I don't think I need to state which activity I find more useful. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message