[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] A rather newbie question

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] A rather newbie question
From: "Ethan Vaughn" <evaughn@xxxxxxxxxxxx>
Date: Mon, 3 May 2004 11:22:36 -0600 (MDT)

This might be obvious, so i apologize in advance.

I just wanted to point out that this is probably the no.1 security fallacy
I hear among my endlusers.

"Schmidt, Michael R." <Michael.Schmidt@xxxxxxxxxxxx> wrote:
> Thanks,
>
> I use ISA server.  This is my home network, so I probably have nothing
> that they would be interested in.  I do have two static IP addresses and
> a DSL line.

Yes, there *is* something "they" are interested in: owning your box. Even
the  wimpiest granny-owned win95 box is valuable to a blackhat. Once
"owned" your box becomes a "safe machine" from which a blackhat can launch
anonymous attacks. Any trace will come back to you.

I think of it this way, how would I like my personal machine's IP address
to show up in a DDoS attack log against FBI.org? That usually motivates me
to spend a little extra time on my personal net's securiy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] A rather newbie question
  - From: Ethan Vaughn

References:
- RE: [Full-Disclosure] A rather newbie question
  - From: Schmidt, Michael R.

Prev by Date: Re: [Full-Disclosure] A rather newbie question
Next by Date: Re: [Full-Disclosure] Agobot/Gaobot/Phatbot
Previous by thread: RE: [Full-Disclosure] A rather newbie question
Next by thread: RE: [Full-Disclosure] A rather newbie question
Index(es):
- Date
- Thread