Advice requested

K K kkadow at gmail.com
Tue May 29 20:44:12 UTC 2007


On 5/29/07, Pete Ehlke <pde+nanog at ehlke.net> wrote:
>> On Tue, 2007-05-29 at 08:21 -0700, Matthew Black wrote:
>> What would you do if a major US computer security firm attempted to
>> hack your site's servers and networks?  Would you tell the company or
>> let their experts figure it out?

Personally, I would treat it like any other attack.  You do have
policy and procedures for responding to intrusions and intrusion
attempts?

Convene your CERT, preserve logs, document the time and other costs,
contact law enforcement, your lawyers, and their ISP.


> Personally, I would try to find out who at my site- potentially
> including S-OX, PCI, other auditors, and the Board- contracted for
> them to do it.

Even if this were a contracted penetration test, you can't go wrong by
treating it as if this were an actual hostile attack.

If I were conducting a "pen test" and the target had managed to get an
FBI case started and convinced the ISP to terminate connectivity due to
AUP violations, I would have to give them straight A's for their
response :)

Kevin


