On Tue, Jan 31, 2006 at 01:49:50PM +0000, John Hodrien wrote:
> On Tue, 31 Jan 2006, Frank Sweetser wrote:
>
> >As an employed network nazi myself, I think I can answer that =)
>
> ;) No offence to network nazis intended (I'm sometimes accused of being one
> myself).

None taken =)

> Realistically, how many attacks come over UDP?

Quite a few. It may be a smaller percentage than TCP, but there's enough SMB attacks, DNS poisoning, etc. that you certainly can't ignore it. Just look at all of the (thankfully short-lived) fun that SQL slammer caused with a single UDP packet payload.

This is probably drifting a little off topic, but if anyone is interested in really seeing what's going on Out There on the Internet at large, http://www.dshield.org/ and http://isc.sans.org/ provide great statistics and summaries from around the world.

> I agree, although sometimes it can be hard to put any case together that will
> get results. We've had problems with collaborators (we thankfully have very
> flexible policies here) because they'd have endless firewall problems.

Yup - it's always harder dealing with the remote sites, isn't it? As Julie mentioned, we had no end of problems dealing with at least one remote site, because we were never really able to open a good channel of communication with their infrastructure admins.

Heck, it may be worth it for someone who's had good luck to throw together a whitepaper - "Top 10 Most Effective Arguments for Bribing or Convincing Network Nazis to Help Make AG Go" ;)

--
Frank Sweetser fs at wpi.edu  | For every problem, there is a solution that
WPI Network Engineer          | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

