On May 29, 2007, at 8:21 AM, Matthew Black wrote:

> What would you do if a major US computer security firm
> attempted to hack your site's servers and networks?

I think the first thing to do would be to attempt to determine
whether they were trying to actually 'hack' anything, or whether they
were doing some kind of hostscanning as part of a survey, or what (or
even if it's traffic which isn't spoofed - i.e., is it TCP) - i.e.,
classify the traffic - and then if the activity is annoying/harmful/
undesirable, implement appropriate filtering mechanisms to block said
traffic.

[Of course, various OS, application, and network infrastructure BCPs
should be implemented so as to combat interactive cracking-type
activity in the first place.]

The next thing to do would be to contact them directly and ask if
they're aware of this situation - if so, ask what they're doing and
ask them to stop if it's annoying/harmful; secondly, if they're not
aware, let them know so that they can see if they've an unauthorized
individual/group generating the traffic in question, or perhaps have
systems on their network which have been compromised and are being
used for illicit activity.

IANAL, but I'd suggest trying to have a conversation before getting
lawyers involved. Hopefully, it's just a misunderstanding of some
sort, and can be resolved amicably.

------------------------------------------------------------------------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
You may not be interested in strategy, but strategy is interested in
you.
-- Leon Trotsky