Hhhmmm... > Interesting point, I'd say it's an interesting point, all right. How long has this whole 'strike-back' discussion been going on? Hasn't the fallacy (lunacy) of such a tactic already been beat to death? > An email was sent to the IT department at > S1 inquiring about the > spidering but was never responded to, I waited > another 4 days or so, If you don't mind me asking, do you remember the address you used? Here's why I asked the question...I handle some of the more interesting 'abuse@' emails that come into my organization. Even with all the discussion I've seen on the Internet that strongly recommends sending an email to "abuse@" or "security@" within the 'offending' organization, some folks come up with some of the strangest addresses to send reports to. Some send them to 'ipadmin@'...and those that arrive there that have nothing to do with what IPAdmin really does just get sent to the bit bucket. Sometimes, I'll eventually hear about an incident, and call the complainant. I'll get an earful, and when (if) they calm down, I finally try to get the email address that they sent their reports to...only to found out from our email admins that no such account exists. Even using email listing from NSI can be tricky, as a company may not keep the contact info up to date. So, I guess my next question is...if you felt so strongly about the situation, did you ever try calling the company directly, and getting someone in the IT department? I've done that, with quite a bit of success. > At this point, I thought if the situation were > reversed this is would be > very straight forward. From my understanding of the convential wisdom on this issue, attacking someone back often does more harm than good. > They use random machines > that belong to employees > to scan and DoS the site. It almost definitely sounds more like compromised machines than it does a 'spidering' effort. > I wonder if they think that they are untouchable, > and in many cases they may > be. I am going to leave it lay for a while. Unless > anyone has any better > ideas on how to handle it. Maybe they will get > bored. ;-\ Maybe they aren't even doing it intentionally. Have you tried calling the company? __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:03:57 PDT