
Comment Thanks (mostly) (Score 1) 265

Well it seems that the general consensus is to disable or ignore the alerts and just get on with life, and I expect that's what I'll do. But to those that pointed out that port scans are a fact of life, yeah, I get that. I didn't come down in the last shower, and I know it's a big bad scary world out there, but the UTM is intelligent enough that it only raises an alert when a scan is considered particularly egregious. Even with all the script kiddies and other scanners out there, I get an average of less than one port scan alert per week under normal circumstances, not counting the one routine scan that I myself have requested. So when I started getting multiple reports daily, every day, from the same subnet, yeah, it got my attention. Analogously, we get people ringing our front door bell once every couple of weeks, but these folks are standing on our front stoop ringing that bell all day every day, and it chokes my goat to just shrug it off and let them keep doing it.

Turning off any alerts goes against the grain, but as y'all have pointed out, as long as the defenses are in place then stuff bouncing off the walls doesn't really warrant concern.

To those that suggested filtering the alert messages, I have considered that, but I don't currently have any means of filtering based on anything but the mail headers, and the originating address only appears in the body. Still, I may look a little further if I start to twitch because I'm "missing" alerts.

To those that pointed out that the UTM ought to be filtering before detecting, yeah, I get that too, and in fact I have raised it with Sophos, but unfortunately as a non-paying Home Use customer, my voice doesn't carry a lot of weight. I do get that I could probably cobble something together using Open Source and a bunch of cryptic incantations, but frankly, I do enough low-level stuff in my day job - when I get home, I just want to enjoy my internet connection, not spend hours maintaining it. But thanks for the suggestions.

So in summary, I guess it's time to turn off the notifications, stick my virtual fingers in my ears, and start chanting Merry Christmas. Cheers!

Comment Re:Put a filter box in front of full firewall (Score 1) 265

It's not a firewall appliance, it's a program that runs on his Windows PC.

Comprehension FAIL. UTM9 is a software firewall on a dedicated box. It's exactly the same software stack as their hardware appliances - the only difference is that the customer supplies the hardware.

Submission + - Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment When is yellow not yellow? (Score 1) 653

So the USPTO awards Fluke a trademark color scheme without defining the actual colors? How does that work? If Sparkfun's next batch of red DMMs is not "red enough" for Fluke's liking, can they claim that their red is actually just a very reddish yellow? How about green - that contains yellow too; technically, the only color not covered by this trademark is primary blue.

Submission + - Ask Slashdot: How to deal with a company that appears unconcerned that their use 3

jetkins writes: As the owner of my own mail domain, I have the luxury of being able to create unique email addresses to use when registering with web sites and providers. So when I started to receive virus-infected emails recently, at an address that I created exclusively for use with a well-known provider of tools for the Systems Administration community (and which I have never used anywhere else), I knew immediately that either their systems or their subscriber list had been compromised.

I passed my concerns on to a couple of their employees whom I know socially, and they informed me that they had passed it up the food chain, but I have never received any sort of official response, nor seen any public notification or acceptance of this situation.

When I received another virus-infected email at that same address this week, I posted a polite note on their Facebook page. Again, nothing.

If it was a company in any other field, I might expect this degree of nonchalance, but given the fact that this company is staffed by — and primarily services — geeks, I'm a little taken aback by their apparent reticence.

So, since the polite, behind-the-scenes approach appears to have no effect, I now throw it out to the group consciousness: Am I being paranoid, or are these folks being unreasonable in refusing to accept or even acknowledge that a problem might exist? What would you recommend as my next course of action?
Privacy

Submission + - SPAM: Survey: US Residents Don't Want Targeted Ads

itwbennett writes: "A survey by the Berkeley Center for Law and Technology at the University of California Berkeley School of Law and the Annenberg School for Communication at the University of Pennsylvania finds that U.S. residents do not want to receive Web advertising tailored to their interests. 66% of those surveyed said they don't want tailored, or targeted, online ads and when asked if online ad vendors should deliver targeted ads by tracking customers' behavior across multiple Web sites, 86% of the 1,000 respondents said no. 35% of respondents said executives of companies that use personal information illegally should face jail time, and 18% said those companies should be put out of business. 'While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible,' the study said. 'In high percentages, [U.S. residents] stand on the side of privacy advocates.'"
Security

Submission + - SPAM: Fake antivirus overwhelming scanners

ChiefMonkeyGrinder writes: "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."

How Do You Deal With Sensitive Data? 226

imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"
The Internet

How To Deal With Internet Bullies? 724

creyes123 writes "I run a free website with an online model airplane design calculator. The number of registered users has quickly climbed and I've gotten many compliments. Out of nowhere, a fellow shows up and proceeds to bad mouth the calculator in a posting in one of my forums. After I politely point out that he's mistaken and should have looked at the documentation before posting, he changes the subject and bad mouths a different 'flaw.' The cycle repeats a few more times, with no apparent end in sight. I want to encourage folks to share their opinions, but constructive criticism was clearly not his goal. I feel that the whole episode was just a massive time waster for me. What did I do to deserve this? Could I have handled this better?"
Communications

HD Radio Recording In the US? 303

unreceivedpacket writes "The public radio stations I listen to have been advertising their conversion to HD Radio format for some time. They advertise multiple channels, their second channel playing all classical, all the time. I am interested in purchasing a receiver so I can listen to this extra content, and was also hoping to find a receiver with a built-in recorder so I could time-shift programs that are not otherwise available as legal pod-casts. My initial queries have returned few models that support any kind of digital recording, and the existing ones seem out of production or sorely lacking features. Is this the state of Digital Radio in the US? Are there any legal recording devices for HD Radio? Any good solutions for recording and time-shifting, perhaps through Linux?"
