From: Bill Tillman
To: freebsd-questions@freebsd.org
Date: Sun, 14 Aug 2011 02:16:56 -0700 (PDT)
Subject: Re: Poll on server attacks

--- On Sat, 8/13/11, Alejandro Imass wrote:

From: Alejandro Imass
Subject: Re: Poll on server attacks
To: "FreeBSD"
Date: Saturday, August 13, 2011, 7:57 PM

On Sat, Aug 13, 2011 at 4:40 PM, Jerry wrote:
> On Sat, 13 Aug 2011 15:43:02 -0400
> Alejandro Imass articulated:
>

[...]

> Personally, I prefer: . It is just a
> matter of personal taste I guess.
>

Thanks for the information, they look like a great option. We are still evaluating all our options for block lists, but for sure it's one of the measures we started taking recently.
We really avoided for years the idea of blocking any country as such, because it seems that is unfair to the legitimate Internauts in those countries, but sadly it has come down to that.

[...]

>
> About as useful as attempting to build a time machine in my basement.
>

Works for Stewie Griffin!

> Knujon is basically a one man operation that
> has made huge strides in discovering criminal activity among registrars,
> etcetera. You might want to investigate them further. They are always
> looking for help.
>

That looks very cool. Definitely worth collaborating with!

> Just for my own morbid curiosity, what are these "enormous costs" that
> you refer to? You are not buying new hardware I assume. If you are
> using FOSS then there is little or no software cost involved. Other
> than paying for someone's time, something that would be happening
> anyway, what "enormous cost" comes into play?
>

We're a tiny 10 people operation and we manage about half a dozen servers. We have one dedicated sysadmin, and even so I have to dedicate at least 20% of my time to the security issues. This does not count DB maintenance and overall health checks of the platform. About 50% or more of my admin's time goes into fine tuning our security measures, security patches, etc. - that plus about 20% of my time in which I could be doing much more productive stuff. For such a small company to me that is a huge cost!

You could say that maybe we probably don't have all the security expertise, and that's why we invest so much human time into this, but whichever way it's still a lot of lost money. I think that hiring this out would probably be more expensive and in my experience these security "experts" many times know less than we do - especially when it comes down to our FBSD servers!

I can only imagine how this is affecting companies that are much larger than us. Well that is, if they really take care and analyze attacks and logs, or maybe they hire fewer but more expert security teams...
probably, but it's still very costly IMHO.

--
Alejandro Imass

I, like Jerry, would also question your definition of enormous costs. I see attacks at my servers every day. But those are merely attempts to hack in and if you don't have actual breaches into your server then you're ok. You will never stop the proverbial stone throwers out there in the Internet. You might as well try to turn iron into gold.

As for reporting to the abuse@isp.coms, forget it. Some will be helpful. Most will not. Doesn't mean they ignore you; they may even shut down the offenders. But remember, just because you report a break-in attempt the other party may claim to be innocent and thus the ISP is in a he-said+she-said situation in which they could lose revenue and/or be sued. As for me, I do examine my log files periodically for break-ins, but in the many years I've been running FreeBSD I have only experienced one major breach and that was due to my failure to plug an obvious hole in my Asterisk dial plan. Since then I still see the hackers making attempts all the time to break in but so far IPFW and my new and improved dial plan have kept the trouble makers at bay. And I don't spend that much time worrying about it or expending costs or resources to stop them. Still, being diligent is a good thing so I keep watching for signs.