I've often though it would be nice to have a site for tracking sites where attacks have come from. One problem is determining if an attack is using spoofed addresses or not. There are other issues like falsified reports. As for addressing some of the problems I see, requireing posters to use verifiable PGP sdignatures would help with some of the integrity issues, but wouldn't fix them all.
I know the probes I've see on my system come from many different systems, and only probe one port per system probing. I'd like to know if X system is doing probes against other systems.
If you find out it's hacking, I'd sugest a nice sturdy firewall built on a 2.2 kernel with IPCHAINS and IPPORTFW. After going live on the net I had some problems with hackers. Placing an IPCHAINS/IPPORTWD based firewall inbetween my systems and the world has really helped secure my home network. It really narrowed down the number of configuration files I have to set security up in. Now if I don't want X site to be able to access my network, I just deny it in the IPCHAINS config. I've got it enabled on a couple of sites due to their sysadmin being in denial or totally clueless. Currrently I only have a couple of ports open, and can open/close ports on an as needed basis. The rest of them are denied without even a NACK.
It's interesting to see all the accesses against services with known problems. I'm surprised how many times someone tries to use a socks proxy server on my firewall when there isn't one available. The other fun thing is the reactions of sysadmins to my telling them their system was compromized. Currently I log all SYN connection request packets, and all packets to some ports. All logging goes via klogd/syslogd so it can be remotely logged on a log host.
As for speed, it seams to be keeping up nicely with a DSL link to the outside, and transfers from my local net to the DMZ net over 100mbit connections.
It may not be a panacea, but it's cheep, and can run on an antiquated system. I'm using a P-100 with 4 PCI slots and 24M Ram, and a 100MB HD.
Design into the system a mirroring system, and code to find the closest host (net time wise). Have servers be forward requests they don't know to higher up servers like what is done for DNS queries. Another thing to design into it is a language selection feature. This is for internationalization. One would be able to download titles in the language of their choice.
I was initially thinking a HTML/CGI front end would have some advantages. Use existing running WWW servers, but dedicated servers would be fastest for processing requests.
One thing to think about is making sure your data is unique. This is to cover your ass copyright wise in case they try to assert copyright. Adding new fields not included in their data, and the internationalization may both help with this.
From the beginning have a copyleft on the DB contents.
Hey, cool! Now I can do the hexapod without worrying about how to get touch sensor inputs into the pilot. Just run into something, and the shock of inpact will be cought. Makes turning a PalmPilot into a RobotPilot much easier.
A society with this level of survalence will need reciprocity in order to survive. I don't see how it could without it. If you collect information on X, you must also make that information you collect available. This means if you place a camera on your street corner, you must also allow others to tap into it's images. If you collect credit information on people, you must allow others to see the information you collect. If you gather and collect store purchace information on customers, you must also allow others to see that information. This would need to be applied accross the board to all sectors of society, from the private citizen through the commercial corporation to all levels of the government.
If you structured the laws so that access to the information you collect must me made freely available, and accessible. Then reciprocity creates a kind of tax on those willing to collect the info. It means thay have to spend lots of money to also make it available to others as well as them selves. I like that. It will make companies think twice about collecting personal information on people.
I'm at a loss as wether the information should be available in it's raw form only, or if conclusions based on the collected information should also be published. I tend twards also forcing the publication of the conclusions. It will help people to know why the data was gathered in the first place.
It does have it's down sides too, only the technological empowered will have the means to do anything with the information, there will be so much of it available. Is this so bad? Also for on going investigations by police, etc, could be hampered, but that may be able to handled some way with possibly a short delay before publication of conclusions.
Slashdot Mirror
I know the probes I've see on my system come from many different systems, and only probe one port per system probing. I'd like to know if X system is doing probes against other systems.
As I said, I only had a couple of ports open, Auth(113) is one of them...
It's interesting to see all the accesses against services with known problems. I'm surprised how many times someone tries to use a socks proxy server on my firewall when there isn't one available. The other fun thing is the reactions of sysadmins to my telling them their system was compromized. Currently I log all SYN connection request packets, and all packets to some ports. All logging goes via klogd/syslogd so it can be remotely logged on a log host.
As for speed, it seams to be keeping up nicely with a DSL link to the outside, and transfers from my local net to the DMZ net over 100mbit connections.
It may not be a panacea, but it's cheep, and can run on an antiquated system. I'm using a P-100 with 4 PCI slots and 24M Ram, and a 100MB HD.
Design into the system a mirroring system, and code to find the closest host (net time wise). Have servers be forward requests they don't know to higher up servers like what is done for DNS queries. Another thing to design into it is a language selection feature. This is for internationalization. One would be able to download titles in the language of their choice.
I was initially thinking a HTML/CGI front end would have some advantages. Use existing running WWW servers, but dedicated servers would be fastest for processing requests.
One thing to think about is making sure your data is unique. This is to cover your ass copyright wise in case they try to assert copyright. Adding new fields not included in their data, and the internationalization may both help with this.
From the beginning have a copyleft on the DB contents.
Hey, cool! Now I can do the hexapod without worrying about how to get touch sensor inputs into the pilot. Just run into something, and the shock of inpact will be cought. Makes turning a PalmPilot into a RobotPilot much easier.
A society with this level of survalence will need reciprocity in order to survive. I don't see how it could without it. If you collect information on X, you must also make that information you collect available. This means if you place a camera on your street corner, you must also allow others to tap into it's images. If you collect credit information on people, you must allow others to see the information you collect. If you gather and collect store purchace information on customers, you must also allow others to see that information. This would need to be applied accross the board to all sectors of society, from the private citizen through the commercial corporation to all levels of the government.
If you structured the laws so that access to the information you collect must me made freely available, and accessible. Then reciprocity creates a kind of tax on those willing to collect the info. It means thay have to spend lots of money to also make it available to others as well as them selves. I like that. It will make companies think twice about collecting personal information on people.
I'm at a loss as wether the information should be available in it's raw form only, or if conclusions based on the collected information should also be published. I tend twards also forcing the publication of the conclusions. It will help people to know why the data was gathered in the first place.
It does have it's down sides too, only the technological empowered will have the means to do anything with the information, there will be so much of it available. Is this so bad? Also for on going investigations by police, etc, could be hampered, but that may be able to handled some way with possibly a short delay before publication of conclusions.