[SATLUG] ATT Thanks you
tom weeks
tweeksjunk2 at theweeks.org
Tue Jan 9 21:50:18 CST 2007
On Tuesday 09 January 2007 08:52, Ramon Hermida wrote:
> Just to throw my $0.02 cents on this one, and this is before I am fully
> caffeinated as well >.<
>
> Just as a couple of folks mentioned previously, it just would not be
> practical for ISPs to answer every single issue that was reported to them.
> I have seen the other side of the coin on this one in which a client thinks
> they are being hacked because they received a virus-related attachment on
> their inbox, which the anti-virus promptly picked up and destroyed. You
> see where I am going with this =o)
Hear, hear.. My brother knows enough about his own WinXP system and networking
to be dangerous. And every time he gets a virus email in Outlook or his
email goes down due to a stupid mail client or software firewall change.. he
thinks that some hacker that he pissed off once is "after him again"...
<sigh>..
> So where does that leave us? Like several people mentioned, we can come up
> with IPTABLES-based blocking mechanisms. Personally, I would recommend
> running a smoothwall/ipcop firewall upfront especially when sharing the
> connection amongst several computers (yes, some DSL routers come with a
> firewall component included, but I find a dedicated firewall offers much
> more granularity).
> Only open ports that are truly needed. If you are
> running servers, always keep the software patched and backed up and keep an
> eye on the logs; also try to restrict who has access to certain
> folders/logins if possible.
Good advice.. I have an ancient load of Linux on line and it's never been
hacked since it went up in 2000 (and I see attack strings all the time in the
logs). I manually keep things patched, have a simple iptables firewall in
place, conform to good security policies, enforce strong passwords and keep
my exposed network profile to a minimum -- and I just don't sweat the ssh
strong arm or buffer overflow attacks. It's all a part of being on the
net. <knock on laptop>
Really though.. Many of the loudest shouts for help (other than the bastards
who honestly did something stupid and got hacked as a result).. many of the
loudest shouts come from the inexperienced who start peering into their logs
for the first time... or install a "personal firewall" and see the ugly
reality of the net. They then promptly freak out thinking the sky is
indeed falling.. or that some malcontent hacker has specifically targeted
them.
Honestly.. hardly anyone on this list is important enough to be "targeted by a
real hacker"... and if you are (or they do), then you hopefully already know
this and have hopefully already taken adequate precautions. ;)
So in short.. follow security best practices.. run a tight ship, and don't
sweat the big waves. ;)
Oh yeah.. and never stop learning and applying more security measures.. or
hire someone like me who can do so for you.. ;)
Tweeks