[geeks] 3com.com IDS idiot: the DNS straw that broke the camel's back

[Tyler Hardison]

On Monday 25 February 2002 11:49, you wrote:
> OK, so there are a lot of idiots running intrusion detection systems on
> their firewalls now, and many of them don't seem to have a clue about
> real threat analysis and risk assesment, so they get all jumpy when
> their IDS spots any apparent problem, but they don't know how to
> interpret it so they fear for the worst and bury their head in the sand.
> Unfortunately some of them work at big companies and some of them even
> seem to hold the keys to their company's connectivity.

This is too funny. The same thing happens on our Sonicwall VPN all the time. 
My immediate manager has a fit everytime the reports get emailed to him. I 
have to talk him down from his tree to keep him from pulling the t1 
connection.

> One of my customers, a small cable modem ISP with about 5000 users, has
> recently been firewalled by just such an idiot in IT Security at 3com.com.

Obviously 3com.com needs some help.  This just goes to show the level of 
paranoia out there.

<SNIP>
> So now they've firewalled the network containing our caching nameservers
> and squid servers, and as you might guess our customers are complaining
> that they can't get to www.3com.com.  I've threatened to give out their
> IT Security desk phone number to our customers -- too bad it's not 1-800.

I actually know someone in 3com's IT dept. They arent managers but maybe 
they can help light the pervasive darkness in that IT mess.

<SNIP>

Tyler.