Hello; On May 29, 2007, at 3:48 PM, Al Iverson wrote:
On 5/29/07, Matthew Black <black@csulb.edu> wrote:
What would you do if a major US computer security firm attempted to hack your site's servers and networks? Would you tell the company or let their experts figure it out?
On top of the other suggestions, I would add: Make sure you're really being hacked before complaining. If I had a dollar (or even a nickle) for every "stop hacking my port 80" complaint I've seen in my career, I would currently be in possession of all the currency on this planet.
You might (or might not) be surprised at how many times network types have written me claiming that high bit rate video streams requested by their users were actually UDP DOS attacks or some other kind of attack. Regards Marshall
Automated tools make mistakes. Stateless firewalls, personal desktop alarms, and god knows what else are really great at seeing legitimate FTP, DNS, HTTP and other traffic and making an incorrect assumption that it must be due to something nefarious.
That being said, I have actually seen other networks leak like a sieve due to infected desktops or what not. I've found the quickest way to find out if they are aware was to call them on the phone and ask to speck to their IT help desk or security team.
I'd then also null route the offending IPs, and potentially put in a calendar reminder to consider removing the null route in three months and observing to see if the unwanted traffic continues.
Regards, Al Iverson -- Al Iverson on Spam and Deliverabilty, see http://www.spamresource.com News, stats, info, and commentary on blacklists: http://www.dnsbl.com My personal website: http://www.aliverson.com -- Chicago, IL, USA