What to do if they ignore you

From: Skip Carter (skiptaygeta.com)
Date: Wed Apr 13 2005 - 12:29:40 CDT


Hello,

My company provides outsource security management/monitoring services.

In early March we noticed that several of our clients that are in the
same /16 block were getting persistent port 445 probes from a couple
of systems from a very large corporation's satellite office which is
on the same /16 block.

I have repeatedly called the company's security manager (on the US east
coast) and talked to people at the company's headquarters (on the US
west coast). They take my information (I have shown them firewall logs,
IDS logs, captured packet traces, and honeypot sessions) but nothing is
done about these probes (typically around 1500/day).

We have black-holed connections from the offending network block, but many
of our clients are small and do not have firewalls with the resources to
handle huge lists of blacklisted networks.

It has been over a month now, and nothing has changed. They seem to be
unable or unwilling to fix their own systems when they have all the
information they could ask for in order to track the problem down.

Does anybody have any suggestions on what to do to make Goliath behave
when you are David?

--
 Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
 Taygeta Network Security Services email: skiptaygeta.net
 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.net/
 Monterey, CA. 93940
