sean at donelan.com
Tue May 29 20:03:31 UTC 2007
On Tue, 29 May 2007, Matthew Black wrote:
> What would you do if a major US computer security firm
> attempted to hack your site's servers and networks?
> Would you tell the company or let their experts figure
> it out?
Contact your internal security and legal folks. Sometimes in large
organizations, a group hires an external security firm to perform an
audit (e.g. PCI, SAS70, etc) without talking to the correct people
elsewhere in their organization.
"Security firms" should conduct due diligence of the information before
using it, but sometimes they type the wrong numbers or addresses in their
auditing tools. Your internal security and legal folks should send the
appropriate cease and desist letter to the security firm. However, keep
in mind the following:
Since you didn't actually describe what you consider an attack: in
many cases "attacks" aren't actually attacks, but unusual yet "normal"
network activity which some people aren't familiar with. Or there is
always the possibility of spoofed packets and routing, especially of
"brand name" firms, by third parties.
If you can actually prove malicious intent on the part of a brand-name
company, your lawyers will probably be very happy to start tallying their
legal fees. But accidents, stupidity and ignorance explain a lot of
More information about the NANOG