Advice requested
Marshall Eubanks
tme at multicasttech.com
Tue May 29 23:36:01 UTC 2007
Hello;
On May 29, 2007, at 3:48 PM, Al Iverson wrote:
>
> On 5/29/07, Matthew Black <black at csulb.edu> wrote:
>>
>> What would you do if a major US computer security firm
>> attempted to hack your site's servers and networks?
>> Would you tell the company or let their experts figure
>> it out?
>
> On top of the other suggestions, I would add: Make sure you're really
> being hacked before complaining. If I had a dollar (or even a nickel)
> for every "stop hacking my port 80" complaint I've seen in my career,
> I would currently be in possession of all the currency on this planet.
>
You might (or might not) be surprised at how many times network types have
written me claiming that high bit rate video streams requested by their
users were actually UDP DOS attacks or some other kind of attack.
Regards
Marshall
> Automated tools make mistakes. Stateless firewalls, personal desktop
> alarms, and god knows what else are really great at seeing legitimate
> FTP, DNS, HTTP and other traffic and making an incorrect assumption
> that it must be due to something nefarious.
>
> That being said, I have actually seen other networks leak like a sieve
> due to infected desktops or what not. I've found the quickest way to
> find out if they are aware was to call them on the phone and ask to
> speak to their IT help desk or security team.
>
> I'd then also null route the offending IPs, and potentially put in a
> calendar reminder to consider removing the null route in three months
> and observing to see if the unwanted traffic continues.
>
> Regards,
> Al Iverson
> --
> Al Iverson on Spam and Deliverability, see http://www.spamresource.com
> News, stats, info, and commentary on blacklists: http://www.dnsbl.com
> My personal website: http://www.aliverson.com -- Chicago, IL, USA