
Comment Thanks (mostly) (Score 1) 265

Well it seems that the general consensus is to disable or ignore the alerts and just get on with life, and I expect that's what I'll do. But to those that pointed out that port scans are a fact of life, yeah, I get that. I didn't come down in the last shower, and I know it's a big bad scary world out there, but the UTM is intelligent enough that it only raises an alert when a scan is considered particularly egregious. Even with all the script kiddies and other scanners out there, I get an average of less than one port scan alert per week under normal circumstances, not counting the one routine scan that I myself have requested. So when I started getting multiple reports daily, every day, from the same subnet, yeah, it got my attention. Analogously, we get people ringing our front door bell once every couple of weeks, but these folks are standing on our front stoop ringing that bell all day every day, and it chokes my goat to just shrug it off and let them keep doing it.

Turning off any alerts goes against the grain, but as y'all have pointed out, as long as the defenses are in place then stuff bouncing off the walls doesn't really warrant concern.

To those that suggested filtering the alert messages, I have considered that, but I don't currently have any means of filtering based on anything but the mail headers, and the originating address only appears in the body. Still, I may look a little further if I start to twitch because I'm "missing" alerts.

To those that pointed out that the UTM ought to be filtering before detecting, yeah, I get that too, and in fact I have raised it with Sophos, but unfortunately as a non-paying Home Use customer, my voice doesn't carry a lot of weight. I do get that I could probably cobble something together using Open Source and a bunch of cryptic incantations, but frankly, I do enough low-level stuff in my day job - when I get home, I just want to enjoy my internet connection, not spend hours maintaining it. But thanks for the suggestions.

So in summary, I guess it's time to turn off the notifications, stick my virtual fingers in my ears, and start chanting Merry Christmas. Cheers!

Comment Re:Put a filter box in front of full firewall (Score 1) 265

It's not a firewall appliance, it's a program that runs on his Windows PC.

Comprehension FAIL. UTM9 is a software firewall on a dedicated box. It's exactly the same software stack as their hardware appliances - the only difference is that the customer supplies the hardware.

Submission + - Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment When is yellow not yellow? (Score 1) 653

So the USPTO awards Fluke a trademark color scheme without defining the actual colors? How does that work? If Sparkfun's next batch of red DMMs is not "red enough" for Fluke's liking, can they claim that their red is actually just a very reddish yellow? How about green - that contains yellow too; technically, the only color not covered by this trademark is primary blue.

Submission + - Ask Slashdot: How to deal with a company that appears unconcerned that their use 3

jetkins writes: As the owner of my own mail domain, I have the luxury of being able to create unique email addresses to use when registering with web sites and providers. So when I started to receive virus-infected emails recently, at an address that I created exclusively for use with a well-known provider of tools for the Systems Administration community (and which I have never used anywhere else), I knew immediately that either their systems or their subscriber list had been compromised.

I passed my concerns on to a couple of their employees whom I know socially, and they informed me that they had passed it up the food chain, but I have never received any sort of official response, nor seen any public notification or acceptance of this situation.

When I received another virus-infected email at that same address this week, I posted a polite note on their Facebook page. Again, nothing.

If it was a company in any other field, I might expect this degree of nonchalance, but given the fact that this company is staffed by — and primarily services — geeks, I'm a little taken aback by their apparent reticence.

So, since the polite, behind-the-scenes approach appears to have no effect, I now throw it out to the group consciousness: Am I being paranoid, or are these folks being unreasonable in refusing to accept or even acknowledge that a problem might exist? What would you recommend as my next course of action?

Submission + - New peer-to-peer tracking technology?

jetkins writes: "The Melbourne, Australia, Age reports on a new "tracking program" which local police are using to pinpoint child pornography without the need for search warrants or other invasive techniques.

Is this simply a matter of seeding the PtP smut networks with digitally signed files, and then tracking the IP addresses of the peers that leech and seed them, or is this something new? One has to presume that if law enforcement agencies are using this for criminal investigations, the RIAA and MPAA surely can't be far behind."
Privacy

Submission + - SPAM: Survey: US Residents Don't Want Targeted Ads

itwbennett writes: "A survey by the Berkeley Center for Law and Technology at the University of California Berkeley School of Law and the Annenberg School for Communication at the University of Pennsylvania finds that U.S. residents do not want to receive Web advertising tailored to their interests. 66% of those surveyed said they don't want tailored, or targeted, online ads and when asked if online ad vendors should deliver targeted ads by tracking customers' behavior across multiple Web sites, 86% of the 1,000 respondents said no. 35% of respondents said executives of companies that use personal information illegally should face jail time, and 18% said those companies should be put out of business. 'While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible,' the study said. 'In high percentages, [U.S. residents] stand on the side of privacy advocates.'"
Link to Original Source

Submission + - Online thieves step up bank raids (wordpress.com)

An anonymous reader writes: Cyber-criminals have developed sophisticated ways to remain undetected, a new report finds. The report, from security firm Finjan, describes how one gang, based in the Ukraine, stole 300,000 euros (£269,000) in 22 days.
Security

Submission + - SPAM: Fake antivirus overwhelming scanners

ChiefMonkeyGrinder writes: "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."
Link to Original Source

Submission + - Canadian Minister Caught Lying About Net Surveilla (michaelgeist.ca)

An anonymous reader writes: The Canadian government has introduced Internet surveillance legislation that requires ISPs to disclose customer information without a warrant. Peter Van Loan, the Minister in charge, claims that a Vancouver kidnapping earlier this year shows the need for these powers. Michael Geist has done some digging and shows this to be a lie — the Vancouver police acknowledge that the case did not involve an ISP request and the suspect is now in custody.
Science

Submission + - 2009 Ig Nobel Awards are Tonight! (improbable.com)

An anonymous reader writes: The Ig Nobel Prizes honor achievements that first make people laugh, and then make them think. The prizes are intended to celebrate the unusual, honor the imaginative — and spur people's interest in science, medicine, and technology. This year, the 19th First Annual Ig Nobel Prize Ceremony at Harvard's Sanders Theater will introduce ten new Ig Nobel Prize winners. The winners are traveling to the ceremony, at their own expense, from several continents. The Prizes will be handed to them by a group of genuine, genuinely bemused Nobel Laureates, assisted by a large number of assorted Ig personnel, all before a perpetually standing-room only audience. Best of all, it will be webcast live.
