Security Incidents
mailing list archives
Source IP Address Isn't A Conclusion...
From: Tyrannis Von Nettesheim <tyrannis () WWC COM>
Date: Mon, 26 Mar 2001 19:55:46 -0500
Folks:
There's been a lot of talk over where a bunch of the recent rounds of
scanning have come from, this or that particular domain, or machines
concentrated in any general locale. Maybe I'm stating the obvious, but I'm
getting worried that some people out there may believe that a real,
verifiable <PING> IP address is some conclusion as to the source of an
attack, or the potential identity of an attacker. All the IP address can
give you is -maybe- a place to send complaint e-mail to, and a source of
an attack vector. No more.
This is of particular concern in recent times, to ensure governments around
the world and their enforcement officials don't fall into the trap of
looking at this one piece of information as verifiably conclusive. Security
just ain't that simple. ;)
</$0.02 off>
-T
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"...Far better is it to dare mighty things, to win glorious triumphs
even though checkered by failure than to take rank with those
poor spirits who neither enjoy much nor suffer much because they
live in the gray twilight that knows neither victory nor defeat..."
-Theodore Roosevelt, 1899.