At 03:03 PM 5/12/2005, Mike Hunter wrote:
>On May 12, "Jake-F Harwood" wrote:
>
> > At 01:21 PM 5/12/2005 -0700, Tom Holub wrote:
> > >
> > >If the hackers are actually accomplishing anything (that is, if their
> > >FTP server or back door is available to the net), SNS should be able
> > >to scan for them.
>
>Another point here is that it's not easy for SNS to scan every port on
>every box on campus. Even the fancy-pants software they're evaling
>doesn't do that quickly.

You're right, it's not easy, but we do it on a limited scale. When certain
alerts are triggered in one of our IDS systems, the host is scanned on
almost every TCP port (I believe we skip two which have caused problems for
a significant number of hosts). This scan is an integral part of our
incident analysis process. Of course it wouldn't be necessary if I had a
root/admin login to every box on campus, but if a couple holes in firewalls
have caused this debate I hate to imagine what that would generate.

JUST SO EVERYONE KNOWS: Even if I could get that login, I wouldn't want
it. It's enough work guarding the secrets we have access to now, I can't
even imagine the work that would go into guarding those account logins.

John
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Fri May 13 00:30:23 2005