On May 29, 2007, at 8:21 AM, Matthew Black wrote:
What would you do if a major US computer security firm attempted to hack your site's servers and networks?
I think the first thing to do would be to attempt to determine whether they were trying to actually 'hack' anything, or whether they were doing some kind of hostscanning as part of a survey, or what (or even if it's traffic which isn't spoofed - i.e., is it TCP) - i.e., classify the traffic - and then if the activity is annoying/harmful/ undesirable, implement appropriate filtering mechanisms to block said traffic. [Of course, various OS, application, and network infrastructure BCPs should be implemented so as to combat interactive cracking-type activity in the first place.] The next thing to do would be to contact them directly and ask if they're aware of this situation - if so, ask what they're doing and ask them to stop if it's annoying/harmful, secondly if they're not aware, let them know so that they can see if they've an unauthorized individual/group generating the traffic in question, or perhaps have systems on their network which have been compromised and are being used for illicit activity. IANAL, but I'd suggest trying to have a conversation before getting lawyers involved. Hopefully, it's just a misunderstanding of some sort, and can be resolved amicably. ------------------------------------------------------------------------ Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice You may not be interested in strategy, but strategy is interested in you. -- Leon Trotsky