Date: Tue, 13 Oct 1998 17:31:16 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Brett Glass <brett@lariat.org>
Cc: Darren Reed <avalon@coombs.anu.edu.au>, grimace <grimace@ns.nternet.net>, security@FreeBSD.ORG, cert@cert.org
Subject: Re: Spoofed connections on port 13223??
Message-ID: <Pine.BSF.3.96.981013172613.20108A-100000@fledge.watson.org>
In-Reply-To: <4.1.19981013100624.041b8760@mail.lariat.org>
On Tue, 13 Oct 1998, Brett Glass wrote:

> CERT? Don't bother. They'll respond several months after it's too late
> and say, "Oh, dear."
>
> --Brett

This does not seem to meet with the experiences I have had with CERT.
Last year someone attempted to attack one of my machines by corrupting DNS
cache entries on a caching name server at another location -- when I
reported this to CERT, they called me that evening and offered to manage
communications between me and the other site being spoofed, etc. While
they did not offer much in the way of technical advice, this was not a
problem as I am fairly experienced in this area.

My only real problem with the CERT process is their incredibly long form
that must be submitted by email. It is inappropriate for use (or was last
time I looked) in situations where more than one machine might be
involved, or in situations where there is an ongoing attack but no
successful breakin. A more flexible (and simple) form would go a long
way. I am certain that there are far fewer reports to CERT because of the
complexity of the reporting process. It is entirely possible that things
have become far more simple since then -- for the sake of everyone, I hope
they have :).

The concept of 'CERT' is a very useful one.

Robert Watson

>
> At 08:23 PM 10/13/98 +1000, Darren Reed wrote:
>
> >People, I can understand wanting to bring it to an informal forum, but
> >if you seriously think you are under attack then you should contact the
> >relevant CERT and talk with them about it. It may be that what you're
> >seeing is part of a "bigger picture" that you can't see.
> >
> >Darren
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

Robert N Watson
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org http://www.watson.org/~robert/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message