Firewall Wizards mailing list archives

Re: How do you fight an attack in progress?


From: Michele Mullins Jordan - Commercial SE-Sun-McLean VA <Michele.Jordan () East Sun COM>
Date: Fri, 19 Sep 1997 15:03:02 -0400 (EDT)

mjr said:
 
These days I consider myself to be under attack when 2 things occur:
1) there is some kind of potential attack analysis (a scan of some 
      sort, or other fact-gathering)
2) a follow-up is launched based on the previous fact-gathering.


When I was at Sprint doing X.25 traffic analysis for potential fraud, this
was exactly our definition.  If we saw an address range scan, we then watched
the source address to see if they attempted to do anything to the hosts they
found.  If so, we called the customer.  No point in calling them to say that
someone may have identified their host existed, but we haven't seen any further
activity.  Only started the whole "stop delivering those call connection 
requests!" debate.

-Michele
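
The two-stage rule discussed in this message (a scan, then follow-up from the same source against hosts it found), sketched as an added example that is not part of the original post. The record layout, the threshold and window values, and the source and host names are constructed assumptions, not X.25 or Sprint data.

```python
from collections import defaultdict

SCAN_THRESHOLD = 5   # assumed: distinct destinations that count as a range scan
WINDOW = 60          # assumed: seconds within which those probes must fall

# Constructed sample records: (time_s, source, destination, answered)
HOSTS = [f"host{n:02d}" for n in range(1, 7)]
EVENTS = (
    # srcA sweeps the range, finds two live hosts, then comes back to one
    [(i, "srcA", h, h in ("host03", "host05")) for i, h in enumerate(HOSTS)]
    + [(300, "srcA", "host03", True), (320, "srcA", "host03", True)]
    # srcB sweeps the range but never follows up
    + [(10 + i, "srcB", h, h == "host02") for i, h in enumerate(HOSTS)]
    # srcC is an ordinary repeat caller of a single host
    + [(t, "srcC", "host03", True) for t in (40, 400, 800)]
)

def correlate(events, threshold=SCAN_THRESHOLD, window=WINDOW):
    """Return (scanners, alerts); alerts maps a scanning source to the
    hosts it found during the scan and later contacted again."""
    first_seen = defaultdict(dict)  # source -> {destination: time of first probe}
    found = defaultdict(set)        # source -> destinations that answered a probe
    scanners = set()
    alerts = defaultdict(set)
    for t, src, dst, answered in sorted(events):
        if dst not in first_seen[src]:
            # Stage 1: a first contact is a probe; count recent distinct targets
            first_seen[src][dst] = t
            if answered:
                found[src].add(dst)
            recent = [d for d, ts in first_seen[src].items() if t - ts <= window]
            if len(recent) >= threshold:
                scanners.add(src)
        elif src in scanners and dst in found[src]:
            # Stage 2: a known scanner returns to a host it discovered
            alerts[src].add(dst)
    return scanners, {s: sorted(h) for s, h in alerts.items()}

if __name__ == "__main__":
    scanners, alerts = correlate(EVENTS)
    print("scan seen, watching:", sorted(scanners))
    print("follow-up seen, notify:", alerts)
```

Only the second stage produces a notification; a source that scans and goes quiet stays on the watch list.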



