Firewall Wizards mailing list archives
Re: How do you fight an attack in progress?
From: Michele Mullins Jordan - Commercial SE-Sun-McLean VA <Michele.Jordan () East Sun COM>
Date: Fri, 19 Sep 1997 15:03:02 -0400 (EDT)
mjr said:
These days I consider myself to be under attack when 2 things occur: 1) there is some kind of potential attack analysis (a scan of some sort, or other fact-gathering) 2) a follow-up is launched based on the previous fact-gathering.
When I was at Sprint doing X.25 traffic analysis for potential fraud, this was exactly our definition. If we saw an address range scan, we then watched the source address to see if they attempted to do anything to the hosts they found. If so, we called the customer. No point in calling them to say that someone may have identified their host existed, but we haven't seen any further activity. Only started the whole "stop delivering those call connection requests!" debate. -Michele
Current thread:
- How do you fight an attack in progress? Grigorof, Adrian (Sep 19)
- Re: How do you fight an attack in progress? Marcus J. Ranum (Sep 19)
- Re: How do you fight an attack in progress? Erik Van Riper (Sep 19)
- Re: How do you fight an attack in progress? Paul Ferguson (Sep 19)
- Re: How do you fight an attack in progress? Andy Howard (Sep 19)
- Re: How do you fight an attack in progress? Paul Ferguson (Sep 20)
- Re: How do you fight an attack in progress? Neil Readwin (Sep 19)
- Re: How do you fight an attack in progress? John Lines (Sep 23)
- Re: How do you fight an attack in progress? Mark Coleman (Sep 20)
- Re: How do you fight an attack in progress? Joseph S. D. Yao (Sep 22)
- <Possible follow-ups>
- Re: How do you fight an attack in progress? Michele Mullins Jordan - Commercial SE-Sun-McLean VA (Sep 19)
- How do you fight an attack in progress? Grigorof, Adrian (Sep 19)
- Re: How do you fight an attack in progress? Paul Ferguson (Sep 19)
- Re: How do you fight an attack in progress? Rik Harris (Sep 23)