Re: How do you fight an attack in progress?

Mark Coleman (mcolemanborg.pulsenet.com)
Fri, 19 Sep 1997 20:57:37 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Paul D. Robertson: "Re: SSL proxy info"
• Previous message: Paul Ferguson: "Re: How do you fight an attack in progress?"
• In reply to: Andy Howard: "Re: How do you fight an attack in progress?"
• Next in thread: Joseph S. D. Yao: "Re: How do you fight an attack in progress?"
• Reply: Joseph S. D. Yao: "Re: How do you fight an attack in progress?"

Just my 2 cents worth: I would do a traceroute and follow up with the
next upstream hop and see what they have to say. I also think that when
you look up the domain you will get an address of the admin (maybe I am
mistaken on that one), but you may wanna send snailmail to that address
in some sort of formal legal manner. Just a suggestion.

-Mark C.

Grigorof, Adrian wrote:
>
> Hello everybody,
>
> As the subject line suggests, I'm interested to find how do you fight an
> attack in progress. Let's say that your firewall keeps sending you
> messages about a scan in progress or something similar. You have the IP
> address. You look-up the domain, call the administrator that you found
> for that domain and get just a voice mail or a "number disconnected"
> message. Worst case: there is no domain associated with that IP address.
> The firewall keeps paging you and your adrenaline level grows
> exponentially.
>
> So, how do you Wizards deal with such situations?
>
> Adrian
> Apprentice Wizard

• Next message: Paul D. Robertson: "Re: SSL proxy info"
• Previous message: Paul Ferguson: "Re: How do you fight an attack in progress?"
• In reply to: Andy Howard: "Re: How do you fight an attack in progress?"
• Next in thread: Joseph S. D. Yao: "Re: How do you fight an attack in progress?"
• Reply: Joseph S. D. Yao: "Re: How do you fight an attack in progress?"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT