[geeks] 3com.com IDS idiot: the DNS straw that broke the camel's back

Greg A. Woods woods at weird.com
Wed Feb 27 14:21:47 CST 2002


[ On Wednesday, February 27, 2002 at 11:01:03 (-0800), Tyler Hardison wrote: ]
> Subject: Re: [geeks] 3com.com IDS idiot: the DNS straw that broke the camel's back
>
> This is too funny. The same thing happens on our Sonicwall VPN all the time. 
> My immediate manager has a fit every time the reports get emailed to him. I
> have to talk him down from his tree to keep him from pulling the t1 
> connection.

People who don't deeply understand TCP/IP at the bit level shouldn't even
get near a firewall, let alone an IDS or its reports!  ;-)

> Obviously 3com.com needs some help.  This just goes to show the level of 
> paranoia out there.

Turns out the 3com.com idiots still have their internal network plugged
almost directly into the bare public Internet ("Big Bad Internet(TM)",
aka BBI!).  Some managers down there seem to think they can keep the
hounds at bay by running a voracious IDS.  They seem to be afraid to
(or unable to) simply wall it all off and instead are firewalling all
the source networks they "think" might be a threat.

If anyone thinks that other thread about authentication revealed some
stupidities, I think it pales in comparison!  ;-)

The poor lackey stuck with the job of operating their IDS has supposedly
sent out over 45,000 such complaints in the past couple of weeks!

Can you just imagine?!?!?!?

> I actually know someone in 3com's IT dept. They aren't managers but maybe
> they can help light the pervasive darkness in that IT mess.

Good luck to you and your contact!  They'll need it!  The mentality of
Huge Corporate America is fighting back all the way!  ;-) 

(Supposedly this guy's immediate manager is on sabbatical and his acting
manager is over in Calif., not in MA where he is.)

I can sort of understand how they could have got themselves into this
mess, but it's just too damn funny to see how their big-corporation
mentality is shoving the blame around and avoiding doing anything really
pro-active about it.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>


