Security Blog
8.13.2004
Dealing with intruders
Slashdot has an interesting thread on dealing with network intrusion attempts. I can remember, years ago, running early versions of Snort and waiting for attacks just to study them. Now a network is hit hundreds of times a day. The general consensus seems correct - ignore them. The bulk of the hits are likely zombies/trojans/worms/scans - not much to do there. And even if it was done manually, it's likely from a cracked box. I think the only time you can really try and track someone down is if they successfully crack and harm your network.
8.10.2004
Good quote
Link: Professor Anthony’s talk was dramatically different and showed why it was a really smart move to attach a sociologist to Dartmouth’s PKI research group. As security technologists, we’re easily dazzled by our shiny cryptographic swords. But while we’re brandishing our swords, our users — like Indiana Jones in that famous scene from Raiders of the Lost Ark — might simply pull out their guns and shoot us. Better security protocols alone can’t thwart such game-changing behavior. We need to understand what motivates the behavior and figure out which carrots and sticks will influence it.