Global Crossing SOC

J. Oquendo sil at infiltrated.net
Wed Dec 17 14:29:36 CST 2008


>  I'm good now, but it would be nice if the people on the front lines at
> Global Crossing were even aware what a "Denial of Service" attack was, or
> that they even have a SOC for incident handling.  Once we got redirected
> into their SOC we were in good hands.

You're "assuming" (anyone remember the Benny Hill assume skit). How
many companies - especially large "layered" companies - can you name
that would even be able to determine what a SOC is on their customer
service level? I've seen companies with level2 and level3 layers
that couldn't even understand what it was.

Perhaps DNS lookups could include such information in the future.
It would be nice to nslookup a netblock and get something "relevant"
for the security ops as opposed to the standard "abuse" which was
largely relevant for mail operations (spam). I'm sure I'm not the
only one who has thought about this. Maybe NAPs and NSPs can
place contact information somewhere for those with a specific
need to contact those with direct knowledge.

Then real world sinks in... Ticketing systems, accountability,
engineers who would rather be on IRC than cleaning up their nets,
etc.

Happy holidays all ;)


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E





More information about the NANOG mailing list