Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2b

jeff on 6 Sep 2018 06:05:07 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

From: jeff <jeffv@op.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Date: Thu, 6 Sep 2018 09:05:01 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 09/06/2018 08:21 AM, Rich Kulawiec wrote:

Third, part of the reason that I've singled out AWS is that they're one
of the wealthiest operations on the planet.  Amazon's now valued at $1
trillion.  They could afford to staff a 100-person 24x7 response desk
that provided individual/personal responses within the hour in a dozen
languages without even noticing the missing pocket change.  Yet that's
not what happens

As stated here before: "Business decision"

Fifth, and this could be a much longer discussion, so I'll just mention it:
abuse control gets easier the larger the scale.  I'm putting that
in here because sometimes people try to use the size of an operation
as an excuse for their incompetence.


ahem... government.

To be clear, what I'm asking is why wasn't their performance this good
to begin with?

Why are we facing hell with IoT? Because each generation refuses tolearn from what came before. Or even what exists currently.

personnel resources.  They started AWS after the time that abuse/attacks
were rampant, well-documented, often-discussed, and thus they should
have known that these would be a problem because everyone with a pulse
knew they were a problem.  They allegedly hire smart and clueful people.
Why didn't they design and build and operate with this in mind?

"Hey Bob.... Microsoft has one of those big security centers. Dontchathink we could use one too?"

Some just fire it up and don't use available intelligence. Hopefullythey get better at it. Hopefully.

Why is this even necessary?  Why aren't they pro-actively stopping the
abuse before it's necessary for you (or me, or anyone else) to file
a report?  After all, if we can see it arriving, then they can just
as easily see it leaving.  Why aren't they looking for it and taking
prompt remedial action before any of us have to even lift a finger?


They don't care / Business Decision.

patterns, would have long since figured out how to prevent most of it
from ever escaping their operation.  The only attacks/abuse we should
ever see should be ones that are new/novel, and even those should
stop rather quickly.


Seriously,that would be wonderful.
But you've been around long enough to have developed cynicism.


I'm not arguing with anything you said. Just providing another POV.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Previous by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Index(es):
- Date
- Thread