Advice requested

Sean Donelan sean at
Tue May 29 20:03:31 UTC 2007

On Tue, 29 May 2007, Matthew Black wrote:
> What would you do if a major US computer security firm
> attempted to hack your site's servers and networks?
> Would you tell the company or let their experts figure
> it out?

Contact your internal security and legal folks.  Sometimes in large 
organizations, a group hires an external security firm to perform an 
audit (e.g. PCI, SAS70, etc) without talking to the correct people
elsewhere in their organization.

"Security firms" should conduct due dilegence of the information before
using it, but sometimes they type the wrong numbers or addresses in their 
auditing tools.  Your internal security and legal folks should send the 
appropriate cease and desist letter to the security firm.  However, keep
in mind....the following:

Since you didn't actually describe what you consider an attack; in 
many cases attacks aren't actually attacks but unusual, but "normal" 
network activity which some people aren't familar with.  Or there is 
always the possibility of spoofed packets and routing, especially of 
"brand name" firms, by third parties.

If you can actually prove malicious intent on the part of a brand-name 
company, your lawyers will probably be very happy to start tallying their 
legal fees.  But accidents, stupidity and ignorance explain a lot of 

More information about the NANOG mailing list