Re: Network attack from S1 Corporation

From: H C (keydet89at_private)
Date: Thu Jul 26 2001 - 13:38:28 PDT

  • Next message: George Bakos: "(Fwd) RE: logs"

    Hhhmmm...
    
    > Interesting point,
    
    I'd say it's an interesting point, all right.  How
    long has this whole 'strike-back' discussion been
    going on?  Hasn't the fallacy (lunacy) of such a
    tactic already been beat to death?
    
    > An email was sent to the IT department at
    > S1 inquiring about the
    > spidering but was never responded to, I waited
    > another 4 days or so, 
    
    If you don't mind me asking, do you remember the
    address you used?  Here's why I asked the question...I
    handle some of the more interesting 'abuse@' emails
    that come into my organization.  Even with all the
    discussion I've seen on the Internet that strongly
    recommends sending an email to "abuse@" or "security@"
    within the 'offending' organization, some folks come
    up with some of the strangest addresses to send
    reports to.  Some send them to 'ipadmin@'...and those
    that arrive there that have nothing to do with what
    IPAdmin really does just get sent to the bit bucket. 
    Sometimes, I'll eventually hear about an incident, and
    call the complainant.  I'll get an earful, and when
    (if) they calm down, I finally try to get the email
    address that they sent their reports to...only to
    found out from our email admins that no such account
    exists.
    
    Even using email listing from NSI can be tricky, as a
    company may not keep the contact info up to date. 
    
    So, I guess my next question is...if you felt so
    strongly about the situation, did you ever try calling
    the company directly, and getting someone in the IT
    department?  I've done that, with quite a bit of
    success.
    
    > At this point, I thought if the situation were
    > reversed this is would be
    > very straight forward.
    
    From my understanding of the convential wisdom on this
    issue, attacking someone back often does more harm
    than good.
    
    > They use random machines
    > that belong to employees
    > to scan and DoS the site.
    
    It almost definitely sounds more like compromised
    machines than it does a 'spidering' effort.
    
    > I wonder if they think that they are untouchable,
    > and in many cases they may
    > be. I am going to leave it lay for a while. Unless
    > anyone has any better
    > ideas on how to handle it. Maybe they will get
    > bored. ;-\
    
    Maybe they aren't even doing it intentionally.  
    
    Have you tried calling the company?
    
    __________________________________________________
    Do You Yahoo!?
    Make international calls for as low as $.04/minute with Yahoo! Messenger
    http://phonecard.yahoo.com/
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:03:57 PDT