To each their own. The plus side of the Nigerian scammer types is they have many more lulz than APNIC or RIPE.
________________________________
From: Derrick Peavy <[email protected]>
To: [email protected]
Sent: Mon, November 23, 2009 1:50:40 PM
Subject: Re: [ACFUG Discuss] SQL Injection

That being said.... I still block Afrinic and will continue to do so. Too many past issues with Nigeria. It may be whackamole, but it's effective enough that I no longer have to deal with brute force attacks nearly as often. I consider it low hanging fruit to knock off some of the subnets that are known to be nasty. Takes 10 minutes and then RONCO - "Set it and Forget it!"

_____________________
Derrick Peavy
[email protected]
404-786-5036
“Innovation distinguishes between a leader and a follower.” -Steve Jobs
_____________________

On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote:

>I was just getting ready to say that...
>
>When I first started administering servers I used to get really freaked out by
>all of the attack traffic and spent a bunch of time blocking IPs at the
>router. Over time I realized that it was just playing whack-a-mole and was
>mainly a waste of my time. If you knock them down on one subnet, another will
>pop up, and your overall attack traffic will be undiminished. All you've done
>is waste your own time and mental energy. A better approach is to make sure
>your network, server and applications are as tight as they can be (and
>validate that regularly), and quit worrying about botnets and script kiddies.
>
>________________________________
>From: Dean H. Saxe <[email protected]>
>To: [email protected]
>Sent: Mon, November 23, 2009 10:55:25 AM
>Subject: Re: [ACFUG Discuss] SQL Injection
>
>You miss the point. Attackers don't just originate from their home countries,
>they bounce through proxies around the world, including where your intended
>audience sits.
>
>-dhs
>
>--
>Dean H. Saxe
>"A true conservationist is a person who knows that the world is not given by
>his fathers, but borrowed from his children." -- John James Audubon
>
>On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:
>
>I think that would depend on the intended scope and audience of your site or
>server's sites. For example, does someone in Beijing need to browse for a
>product that isn't available over the web or sold in any store outside the
>contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up
>laundry service in St. Louis? Of course there would be exceptions but I think
>it would be worth the small number of legitimate denials to do this.
>>
>>_____________________
>>
>>Troy Jones | Developer/Support Technician | Dynapp Inc | 1-800-830-5192
>> ext. 603 | dynapp.com | facebook.com/dynapp
>>
>>From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
>>Sent: Friday, November 20, 2009 10:08 PM
>>To: [email protected]
>>Subject: Re: [ACFUG Discuss] SQL Injection
>>
>>Yeah sure, you CAN, but it's not the solution to the problem. On a recent
>>incident response we had attacks originating from Asia, South America and
>>Europe. Do you plan on blocking them all?
>>
>>-dhs
>>
>>--
>>Dean H. Saxe
>>"A true conservationist is a person who knows that the world is not given by
>>his fathers, but borrowed from his children." -- John James Audubon
>>
>>On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
>>
>>You can block subnets. On a couple of domestic sites, I have even blocked
>>all requests from ALL OF ASIA (or close). While I know this is a drastic
>>measure… all SQL Injection attack (and other hack attacks) attempts reduced
>>by 98% with that done.
>>
>>Here is a link that describes how to do this and why:
>>http://www.parkansky.com/china.htm
>>
>>From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
>>Sent: Friday, November 20, 2009 11:59 AM
>>To: [email protected]
>>Subject: Re: [ACFUG Discuss] SQL Injection
>>
>>Blocking IPs is useless, attackers will just use another proxy to change the
>>apparent location of the originating attack. You can't stop the attempts,
>>you must instead prevent the exploitation of vulnerable code. This means
>>writing secure code using data validation on all input, data sanitization on
>>output (in this case, parameterized queries using cfqueryparam) and following
>>the principle of least privilege on the database access.
>>
>>-dhs
>>
>>--
>>Dean H. Saxe
>>"A true conservationist is a person who knows that the world is not given by
>>his fathers, but borrowed from his children." -- John James Audubon
>>
>>On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
>>
>>Hey folks,
>>
>>I saw John's tweet earlier this week about a new wave of SQL Injection (and
>>link to a great article on it
>>http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
>> and sure enough I'm seeing a huge upswing in attempts. Over 100 failed
>>attempts last night alone.
>>
>>We have taken the steps to prevent damage / harm, but I was wondering what
>>folks are doing after they stop the attempt. What kind of message if any do
>>you provide? Are people checking the logs, and blocking IPs of the worst
>>offenders? Or something else?
>>
>>-Rudi
>>
>>-------------------------------------------------------------
>>To unsubscribe from this list, manage your profile @
>>http://www.acfug.org/?fa=login.edituserform
>>
>>For more info, see http://www.acfug.org/mailinglists
>>Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>>List hosted by FusionLink
>>-------------------------------------------------------------
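
The three controls Dean H. Saxe lists in the thread above (input validation, parameterized queries with cfqueryparam, least privilege), shown as a before/after pair. This is an added example, not code from any participant; the datasource `shopDSN`, the `products` table, the `id` URL parameter and the `sqli_attempts` log name are hypothetical.

```cfml
<!--- Added example. "shopDSN", "products", url.id and the log file name
      are hypothetical; nothing here comes from the thread itself. --->

<!--- ===== BEFORE (vulnerable) ===== --->
<!--- The raw URL value is spliced into the SQL text, so whatever follows
      ?id= in the request becomes part of the statement the database parses. --->
<cfquery name="getProductUnsafe" datasource="shopDSN">
    SELECT id, name, price
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- ===== AFTER (hardened) ===== --->
<cfparam name="url.id" default="">

<!--- 1. Input validation: accept only a positive integer. On failure, log the
         source address (not the raw payload), answer with a generic 400 and
         stop; no database error or SQL text is ever shown to the client. --->
<cfif NOT isValid("integer", url.id) OR url.id LTE 0>
    <cflog file="sqli_attempts" type="warning"
           text="Rejected non-integer id parameter from #cgi.remote_addr#">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid request.</cfoutput>
    <cfabort>
</cfif>

<!--- 2. Parameterized query: cfqueryparam sends the value as a typed bind
         parameter, so the database treats it as data, never as SQL text. --->
<cfquery name="getProduct" datasource="shopDSN">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- 3. Least privilege: the database login configured behind shopDSN should
         hold only the rights this page needs (here, SELECT on products), so
         a flaw elsewhere cannot be used to alter or drop data. --->
```

The log written in step 1 gives a count of rejected requests per source without keeping the payload itself, which covers the "checking the logs" part of the original question.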
