|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: What to do if they ignore you
From: Jose Maria Lopez Hernandez (jkerouac
bgsec.com)
Date: Thu Apr 14 2005 - 03:00:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
El mié, 13-04-2005 a las 10:29 -0700, Skip Carter escribió:
> Hello,
>
> My company provides outsource security management/monitoring services.
>
> In early March we noticed that several of our clients that are in the
> same /16 block were getting persistent port 445 probes from a couple
> of systems from a very large corporation's satellite office which is
> on the same /16 block.
>
> I have repeatedly called the companies security manager (on the US east
> coast) and talked to people at the companies headquarters (on the US
> west coast). They take my information (I have shown them firewall logs,
> IDS logs, captured packet traces, and honeypot sessions) but nothing is
> done about these probes (typically around 1500/day).
>
> We have black-holed connections from the offending network block, but many
> of our clients are small and do not have firewalls with the resources to
> handle huge lists of blacklisted networks.
>
> It has been over a month now, and nothing has changed. They seem to be
> unable or unwilling to fix their own systems when they have all the
> information they could ask for in order to track the problem down.
>
> Does anybody have any suggestions on what to do to make Goliath behave
> when you are David ?
Take a look at: http://www.dshield.org and their Fightback program,
maybe is what you are looking for.
Regards.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouacbgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]