Poll on server attacks

Sun Aug 14 09:16:58 UTC 2011

--- On Sat, 8/13/11, Alejandro Imass <ait at p2ee.org> wrote:

From: Alejandro Imass <ait at p2ee.org>
Subject: Re: Poll on server attacks
To: "FreeBSD" <freebsd-questions at freebsd.org>
Date: Saturday, August 13, 2011, 7:57 PM

On Sat, Aug 13, 2011 at 4:40 PM, Jerry <jerry at seibercom.net> wrote:
> On Sat, 13 Aug 2011 15:43:02 -0400
> Alejandro Imass articulated:
>
[...]

> Personally, I prefer: <https://www.countryipblocks.net/>. It is just a
> matter of personal taste I guess.
>

Thanks for the information, they look like a great option.

We are still evaluating all our options for block lists, but for sure
it's one of the measures we started taking recently.
We really avoided for years the idea of blocking any country as such,
because it seems that is unfair to the legitimate Internauts in those
countries, but sadly it has come down to that.

[...]

>
> About as useful as attempting to build a time machine in my basement.
>

Works for Stewe Griffin!

> Knujon <http://www.knujon.com/> is basically a one man operation that
> has made huge strides in discovering criminal activity among registrars,
> etcetera. You might want to investigate them further. They are always
> looking for help.
>

That looks very cool. Definitively worth collaborating with!

> Just for my own morbid curiosity, what are these "enormous costs" that
> you refer to? You are not buying new hard ware I assume. If you are
> using FOSS then there is little or no software cost involved. Other
> than paying for someone's time, something that would be happening
> anyway, what "enormous cost" comes into play?
>

We're a tiny 10 people operation and we manage about half a dozen
servers. We have one dedicate sysadmin, and even so I have to dedicate
at least 20% of my time to the security issues. This does not count DB
maintenance and overall health checks of the platform. About 50% or
more of my admin's time goes into fine tuning our security measures,
security patches, etc. - that plus about 20% of my time which I could
be doing much more productive stuff. For such a small company to me
that is a huge cost! You could say that maybe probably don't have all
the security expertise, and that's why we invest so much human time
into this, but whichever way it's still a lot of lost money. I think
that hiring this out would probably be more expensive and in my
experience these security "experts" many time know less than we do -
especially when it comes down to our FBSD servers!

I can only image how this is affecting companies that are much larger
than us. Well that is, if they really take care and analyze attacks
and logs, or maybe they hire fewer but more expert security teams...
probably, but it's still very costly IMHO.

--
Alejandro Imass
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

I, like Jerry would also question your definition of enormous costs. I see attacks at my servers every day. But those are merely attempts to hack in and if you don't have actual breaches into your server then you're ok. You will never stop the peverbial stone thorwers out the in the Internet. You might as well try to turn iron into gold.

As for reporting to the abuse at isp.coms, forget it. Some will be helpful. Most will not. Doesn't mean they ignore you they may even shutdown the offenders. But remember just because you report a break-in attempt the other party may claim to be innocent and thus the ISP is in a he-said+she-said situation in which they could loose revenue and/or be sued. As for me I do examine my log files periodically for breakins, but in the many years I've been running FreeBSD I have only experienced one major breach and that was due to my failure to plug an obvious hole in my Asterisk dial plan. Since then I still see the hackers making attempts all the time to break in but so far IPFW and my new and improved dial plan have kept the trouble makers at bay. And I don't spend that much time worrying about it or expending costs or resources to stop them. Still, being diligent is a good thing so I keep watching for signs.