Advice requested

Jim Popovitch yahoo at
Tue May 29 18:38:40 UTC 2007

On Tue, 2007-05-29 at 12:53 -0400, George Imburgia wrote:
> On Tue, 29 May 2007, Matthew Black wrote:
> > What would you do if a major US computer security firm
> > attempted to hack your site's servers and networks?
> > Would you tell the company or let their experts figure
> > it out?
> I'd hold a very public discussion on the matter.

Just a few words of caution.... 

First make sure that it is a hack, and not just a ping or SMTP test
because they are trying to deliver you email.  I did ask for a
definition of what the OP meant by hack, but haven't seen anything yet.

Secondly, make sure that no one else in your company authorized this.  A
lot of companies do pay outside agencies to test their security.
Security Audits are notorious for being requested by the corporate
Financial personnel, and those are the same folks that the networking
dept communicates the least with (IMHO).

Finally, is it possible that the "hack" was planned behavior or a
well-intended mistake?  Years ago, others at $DAYJOB received
customer-provided configuration files to try and emulate a customer problem.  All
sorts of interesting traffic left our network and hit the customers,
after all their configs had all their IPs listed.  The customer's
security department (left hand) called the FBI simply because they
didn't know what their own network department (right hand) was asking
$DAYJOB to do.

-Jim P.
