Well it seems that the general consensus is to disable or ignore the alerts and just get on with life, and I expect that's what I'll do. But to those that pointed out that port scans are a fact of life, yeah, I get that. I didn't come down in the last shower, and I know it's a big bad scary world out there, but the UTM is intelligent enough that it only raises an alert when a scan is considered particularly egregious. Even with all the script kiddies and other scanners out there, I get an average of less than one port scan alert per week under normal circumstances, not counting the one routine scan that I myself have requested. So when I started getting multiple reports daily, every day, from the same subnet, yeah, it got my attention. Analogously, we get people ringing our front door bell once every couple of weeks, but these folks are standing on our front stoop ringing that bell all day every day, and it chokes my goat to just shrug it off and let them keep doing it.
Turning off any alerts goes against the grain, but as y'all have pointed out, as long as the defenses are in place then stuff bouncing off the walls doesn't really warrant concern.
To those that suggested filtering the alert messages, I have considered that, but I don't currently have any means of filtering based on anything but the mail headers, and the originating address only appears in the body. Still, I may look a little further if I start to twitch because I'm "missing" alerts.
To those that pointed out that the UTM ought to be filtering before detecting, yeah, I get that too, and in fact I have raised it with Sophos, but unfortunately as a non-paying Home Use customer, my voice doesn't carry a lot of weight. I do get that I could probably cobble something together using Open Source and a bunch of cryptic incantations, but frankly, I do enough low-level stuff in my day job - when I get home, I just want to enjoy my internet connection, not spend hours maintaining it. But thanks for the suggestions.
So in summary, I guess it's time to turn off the notifications, stick my virtual fingers in my ears, and start chanting Merry Christmas. Cheers!
It's not a firewall appliance, it's a program that runs on his Windows PC.
Comprehension FAIL. UTM9 is a software firewall on a dedicated box. It's exactly the same software stack as their hardware appliances - the only difference is that the customer supplies the hardware.
So the USPTO awards Fluke a trademark color scheme without defining the actual colors? How does that work? If Sparkfun's next batch of red DMMs is not "red enough" for Fluke's liking, can they claim that their red is actually just a very reddish yellow? How about green - that contains yellow too; technically, the only color not covered by this trademark is primary blue.
Viacom has already shown repeatedly that they don't give a flying fig about network neutrality anyway. Blocking access to their sites to TW/RR addresses would simply be another example of their cavalier "we're Viacom, and we'll do whatever the hell we like" attitude.
Many folks are moaning because Mozilla made absolutely no mention of the start time until now. Enthusiastic supporters the world over have organized "download parties" on the evening of 6/16, ready to download FF3.0 en masse on the stroke of midnight in their local time zone. Silly, yes, because those organizers should have had enough nous to realize that there was no way that it could be progressively made available around the world as there's no way to know what timezone any given requester is in, but there you go - that was the expectation.
Mozilla really dropped the ball on this. If they had detailed up front exactly when their "Day" was planned to start, then all this angst could have been avoided. Ideally they should have had a countdown timer on their site so that everyone was on the same page. Announcing the rules after the game has already kicked off was just plain stupid.
Dude, when was the last time you read any (non Murdoch-owned) international newspapers or had a frank conversation with anyone who "ain't from 'round here"? With so many international news sources available on the intarweb these days, there's really no excuse for those rose-colored glasses any more.
A large proportion of Joe Jobs are made possible by lame endpoint SMTP servers which accept incoming mail, close the connection, then check to see if the recipient is valid, and generate an NDR to the address specified in the headers, which are too easily forged.
A properly-configured endpoint server should check addressee validity during the SMTP exchange, and reject the transfer before it even gets into the system, so the spammer's attempt goes nowhere and "Joe" doesn't get an unwarranted NDR.
Of course that doesn't help proxy providers like DynDNS, unless they have some way of authenticating their clients' valid addresses in real time via a direct connection or regular updates.
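The two recipient-checking strategies described in the comment above, modelled as an added example (not code from the original post): a simplified MAIL FROM / RCPT TO / DATA exchange where the "lame" server accepts everything and only discovers the bad recipient afterwards, so its only option is a bounce to the (forgeable) return address, whereas the properly configured server answers 550 at RCPT TO and never has anything to bounce. The mailbox list and the use of the envelope sender as the bounce address are assumptions for the model.

```python
"""Model of accept-then-bounce vs. reject-at-RCPT recipient checking (constructed example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed set of mailboxes the endpoint server actually hosts.
VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}


@dataclass
class Outcome:
    replies: List[str] = field(default_factory=list)  # server replies, in order
    ndr_sent_to: Optional[str] = None                 # who (if anyone) gets a bounce


def smtp_session(mail_from: str, rcpt_to: str, reject_at_rcpt: bool) -> Outcome:
    """Simulate one inbound delivery attempt.

    reject_at_rcpt=True  -> recipient is checked during the SMTP exchange and
                            refused with a 550 before any message is accepted.
    reject_at_rcpt=False -> everything is accepted, validity is checked later,
                            and a non-delivery report goes to the return address.
    """
    out = Outcome()
    out.replies.append("250 OK")  # reply to MAIL FROM; the return path is never verified here
    valid = rcpt_to.lower() in VALID_MAILBOXES

    if reject_at_rcpt and not valid:
        # Rejection at RCPT TO: the sending side learns the address is bad
        # immediately, nothing is queued, and no bounce is ever generated.
        out.replies.append("550 5.1.1 No such user")
        return out

    out.replies.append("250 OK")               # RCPT TO accepted
    out.replies.append("354 Start mail input")  # DATA
    out.replies.append("250 Queued")            # message taken into the system

    if not valid:
        # Post-acceptance check fails. The server can only report this by
        # bouncing to the return address, which in a Joe Job is the forged victim.
        out.ndr_sent_to = mail_from
    return out


def backscatter_generated(mail_from: str, rcpt_to: str, reject_at_rcpt: bool) -> bool:
    """True if the delivery attempt causes an NDR to the return address."""
    return smtp_session(mail_from, rcpt_to, reject_at_rcpt).ndr_sent_to is not None
```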
IANAL, but I think it goes deeper than that. The crime is "unauthorized access of a computer network", so the obvious question is "how is authorisation granted?" If there is any sort of authorization process or statement of limitation - even just a sign which says "free wireless access for our customers" - then this guy could have been found in breach of it, but if the proprietor set up a completely open network and neither knew nor cared who used it, then where's the lack of authorization?
In summary: if no authorization is required by the owner of the network, then how can one be guilty of unauthorized access?
P-O-E
We also have a mobile factory that can pave a lane of the highway at about 10 miles per hour. It's actually pretty impressive.
I remember seeing a documentary about it when I was a kid: https://youtu.be/LWcvEB6NYpA?t...
Doesn't mean it's okay for someone to keep ringing it all day...
Thank you - my point precisely.
"Encyclopedia" is to "Wikipedia" as "Library" is to "Line of people at a bus stop".