Comments:
<0> yeah
<1> ips is only good for script kiddies and keeping noise down
<1> if you really want to hack the network you'll never know, and certainly an IPS won't help
<0> but "fail open" is fundamentally wrong from a security standpoint. It's the microsoft way. But, I have to admit that it's normally a necessary evil.
<1> IPS is fundamentally wrong but its a necessary evil also
<1> well, it depends on the company
<0> s/company/business need/
<0> we have a pretty kick*** twist on IPS though.
<1> I'd rather use IDS and review the *all* events for post mortem than rely on a high speed low drag ruleset that will barely catch anything to spare bandwidth
<0> KALIK: oh wow, someone else that would rather see more data than less!
<0> KALIK: man, so so so many people tune out so much valuable ****.
<0> HTF are you supposed to do event correlation with no data?
<1> exactly
<0> and IMO, the IDS world is all about event correlation.
<0> kiddies, worms, big ****ing deal.
<1> lets face it, IDS is only for investigation
<1> its only to find out ok...4 months ago we got a slow port scan from this ip
<0> dedicated attacker? You aren't getting him without correlating events from multiple systems.
<1> then a month later we get a telnet probe on 25 and a disconnect
<1> blah blah
<0> yeah
<1> you're not going to get that with IPS
<0> that's a human.
<1> right
<1> thats security the right way
<1> but if you have an enterprise network...good luck
<0> and that's impossible to catch without correlation, and a lot of data, and a ****ING HUMAN who can go "well there's an interesting isolated lil event... has this been here before?"
<1> BUT...if you use IDS at least you have the logs to look at
<1> siglite, yeah thats when you have to have a 24/7 operational SOC with people other than monkeys
<0> yep
<0> we're not 24/7 yet, but we have good people looking at events.
<0> I train my padawans well.
<0> and I ****ing refuse to hire monkeys. HR and my boss can kiss my browneye. I'm not hiring monkeys. I want sharp people.
<1> I'd baseline most every 'spyware' rule just for noise
<0> we don't. We report out to customers. "hey, douchebag at x.x.101.12 has spyware again. You want your staff to deal with it or want us to dispatch helldesk?"
<1> heh
<1> fun
<1> let me guess..
<1> browser sig
<1> (internet explorer COMET CURSOR)
<1> some **** like that I forget how the rules are written
<0> heh, yeah, and weatherbug, and a hundred other stupid spyware things. Lots of them trip on user-agent
<1> yeah thats what i meant...browser string user agent...whatever :)
<0> the rules that piss me off are the referral spyware rules
<0> where various very large commercial sites put a lil image link in their pages and stuff
<1> ah
<1> heh
<1> noisy I guess
<0> and it trips as a spyware rule every time user hits sports illustrated or something
<0> and it's kind of an FP
<0> because there's nothing installed on the end user's workstation, his browser just hit a counter image or something
<2> heya Juergen
<3> is anyone here?
<3> i just tried to install xubuntu 606 on my laptop and now it cant do anything
<3> i run fdisk and it cant make a new partition
<4> eh?
<5> hi all
<3> do you know anything i could do?
<6> hooray, got my linux box connected to internet
<0> tpyatt: are you fdisking the correct device?
<6> first time i've been able to do that
<3> yes
<4> tpyatt: what device?
<3> harddrive
<4> tpyatt: Which is?
<4> tpyatt: /dev/what?
<3> it goes to the drive integrity and keeps going up to 20-30% and starting over
<3> its from windows 98 boot disk
<4> wtf are you talking about?
<5> hmm. has anyone used a comcast connection to set up a web server before?
<4> vIkSiT: I've used a cell phone connection before
<5> i'm not sure how i'd do port forwarding on it.. i can do it on my netgear wlan router, but the comcast modem itself?
<3> i installed xubuntu on my pc it kept saying errors and didnt work
<5> reality, eh?!
<3> i got rid of the partitions
<5> oh you mean as a web server..
<3> now i cant make new ones
<4> tpyatt: You are being totally non-specific
<1> vIkSiT, need a service like TZO
<3> do you know win 98 boot disk
<5> i was trying to set up an ftp server on my machine, which connects to a wlan router, which in turn is connected to a comcast modem
<5> KALIK, service, as in?
<5> oh you mean dynamic dns
<1> vIkSiT, look it up, used to be tzo.com not sure what it is now
<4> tpyatt: this is #linux
<1> does port forwarding etc
<3> yeah
<5> it still is that, incidentally
<3> but linux messed up my computer
<1> heh
<3> i thought maybe it could help me fix
<4> tpyatt: A linux rescue CD would
<1> tpyatt, you're ****ed now buddy! baptism by fire :)
<4> tpyatt: Also noting what exactly the error messages were would have been helpful
<1> erm...assuming you use the installed distro
<4> tpyatt: But, don't assume "linux" ****ed up your computer.
<4> tpyatt: "You" ****ed up your computer
<5> KALIK, wait, how does that help me with the comcast modem?
<3> ok
<3> i ****ed it up
<1> vIkSiT, you can have those guys listen to x port and forward to xx port
<3> maybe linux can help me un**** it?
<4> tpyatt: Now put away the win98 bootdisk before you **** **** up even more
<3> ok
<3> can i use something linux to fix
<4> tpyatt: Yes
<3> :)
<3> may i ask what
<4> tpyatt: When you boot, what error message do you get?
<5> KALIK, ah i see. but i was wondering if someone knows how to : a)find out the correct ip address for that comcast modem, and b)which ports are open on it?
<7> linux usually fixes my computers
<3> blank screen when no cd is in it
<7> you must have downloaded the evil linux
<5> i've used a number of find my ip services, but i get different numbers from each
<3> but i put in install cd and it says something like error on hda etc..
<4> tpyatt: Does it load grub?
<3> i guess you can call me a beginner
<3> i have no idea what grub is
<4> We figured.
<3> lol
<4> It should say "Grub Boot Loader" at the top of the screen
<1> LiLo
<1> grub
<3> no
<3> i just started up and its blanks screen with cursor
<4> tpyatt: Did it ever?
<7> when you boot off the CD you get an hda error?
<3> im slightly confused
<3> very*
<4> I'm guessing the win98 bootdisk wiped out the mbr
<3> wow
<3> can i fix that
<4> tpyatt: Is this a dual boot system?
<3> because i asked on some website and they talked about mbr
<7> did you run the win98 floppy after you installed linux?
<3> yea
<3> zez yea*
<4> tpyatt: And my question?
<3> reality not sure what dual but is
<4> tpyatt: windows 98 on one partition and linux on the other partition
<3> no no
<3> i got rid of the 98
<3> installed linux
<7> yeah, the floppy rewrote the mbr
<3> didnt work, tried to reinstall couple times still didnt work. so i wiped it out with fdisk
<4> tpyatt: Where were you installing grub to?
<7> you might be able to boot off a live cd and fix it but it will probably be easier to reinstall
<7> especially if you just installed it
<3> i dont know what grub is
<5> dammit.
<5> do the comcast modems in general have configurable interfaces?