Re: Blocking IP Address does not work
From: Roland Hall (nobody_at_nowhere)
Date: 02/17/05
- Next message: Roland Hall: "Re: Problem accessing site from same box"
- Previous message: George Spanos: "Re: The instruction at "0x787c43c1" referenced memory at "0x00000000"."
- In reply to: matthewalbum_at_gmail.com: "Re: Blocking IP Address does not work"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 16 Feb 2005 22:15:01 -0600
<matthewalbum@gmail.com> wrote in message
news:1108576438.700453.59670@f14g2000cwb.googlegroups.com...
: What is a lil script?
:
: The problem has escalated somewhat - I seem to have many many machines
: attacking my server from all over the place.
lil = little
script = script driven
kiddie = clueless pest
If you're being attacked from within your LAN, you need a network security
professional to take a look at your network. To do it on your own you need
to do the following:
1. Unplug any infected computer from the network. There is no reason to
clean a system that will be reinfected/compromised before you can clean the
rest and implement security. It's pointless and a waste of time and money.
You've probably already figured out you'll spend more now than you might
have had you taken precautions to protect yourself.
2. Disconnect the LAN from the Internet, if need be.
3. Investigate the situation and determine not only the source of attack(s)
but the attack(s) being waged against you.
4. Back up the DATA ONLY of the infected systems.
5. Wipe out the systems after (2) reliable backups of DATA ONLY.
6. Reinstall your OS from a known clean source.
7. Apply the latest service pack.
8. Reinstall your application software from a known clean source.
9. Apply the latest service pack.
10. Have a network security professional evaluate your level of protection and submit a
plan.
11. Talk to your "decision maker(s)" and purchase the level of security you
need balanced with your budget limitations.
12. Reconnect your systems to the network/Internet.
Will anyone ever follow this scenario? No, because you cannot be down for
that long. So, you will have to concede that during now and the time when
you are relatively secure, you're going to be down, from time to time, as
attacks are waged and succeed against your network.
There is no 100% security plan unless you turn off your system which makes
it useless. Also, security is like paint. More layers, more protection.
It's also not a one-time process. It is a philosophy. And, after all the
money you spend and even after all the education you provide for your users,
you'll still be compromised one day because someone was social engineered.
For every lock, there is a key. For every engineered process, there is a
reverse-engineered process coming soon. You'll never lock out everyone,
forever. You'll lock out some, possibly most, for a while.
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals - http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS: http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
FAQ W2K/2K3 DNS: http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382