On Tue, 29 May 2007, Matthew Black wrote:
What would you do if a major US computer security firm attempted to hack your site's servers and networks? Would you tell the company or let their experts figure it out?
Contact your internal security and legal folks. Sometimes in large organizations, a group hires an external security firm to perform an audit (e.g. PCI, SAS70, etc.) without talking to the correct people elsewhere in their organization. "Security firms" should conduct due diligence on the information before using it, but sometimes they type the wrong numbers or addresses into their auditing tools. Your internal security and legal folks should send the appropriate cease and desist letter to the security firm.

However, keep in mind the following: since you didn't actually describe what you consider an attack, in many cases attacks aren't actually attacks, but unusual yet "normal" network activity which some people aren't familiar with. Or there is always the possibility of spoofed packets and routing, especially of "brand name" firms, by third parties.

If you can actually prove malicious intent on the part of a brand-name company, your lawyers will probably be very happy to start tallying their legal fees. But accidents, stupidity and ignorance explain a lot of things.