I'm good now, but it would be nice if the people on the front lines at Global Crossing were even aware what a "Denial of Service" attack was, or that they even have a SOC for incident handling. Once we got redirected into their SOC we were in good hands.
You're "assuming" (anyone remember the Benny Hill assume skit). How many companies - especially large "layered" companies can you name that would even be able to determine what a SOC is on their customer service level. I've seen companies with level2 and level3 layers that couldn't even understand what it was. Perhaps DNS lookups could include such information in the future. It would be nice to nslookup a netblock and get something "relevant" for the security ops as opposed to the standard "abuse" which was largely relevant for mail operations (spam). I'm sure I'm not the only one who has thought about this. Maybe NAP's and NSP's can place contact information somewhere for those with a specific need to contact those with direct knowledge. Then real world sinks in... Ticketing systems, accountability, engineers who would rather be on IRC then cleaning up their nets, etc. Happy holidays all ;) =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "Enough research will tend to support your conclusions." - Arthur Bloch "A conclusion is the place where you got tired of thinking" - Arthur Bloch 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E