Firewall Wizards mailing list archives
Re: Responsiveness of remote admins
From: Lance Spitzner <spitzner () dimension net>
Date: Wed, 19 May 1999 13:26:33 -0400 (EDT)
On Wed, 19 May 1999, chuck wrote:
On the other hand I, as an employee of a company that has nothing to do with you, often cannot report anything to you. I've been involved in things where a dozen reports come in that often leads us to watch someone more closely and THAT evidence is used to terminate a user/employee. (it's legal to scan our own network - "tcpdump host 10.9.8.7" is legal). You and others provide 'probable cause' but that's it. No offense but bluntly, it's none of your business (especially with a simple (legal) scan). If you report that a green van is driving erratically, the police aren't going to report back to you that they stopped it 30 miles later and found it full of stolen racoon bondage gear. Or that nothing happened. Realisticly, it's nice to get acknowledgement and it was a really nice feeling when I pointed out some scans to an admin at a college and they found that the host had been compromised because of that. But I can't and don't expect a reply and updates on the situation.
You raise some excellent points. However, if nothing else, the remote administrators should, as a courtesy, acknowledge receipt of your email. Also, on several occasions, I have included logs and key strokes of systems being compromised (such as bof logs or sniffit traces). It can be frustrating when you have documented evidence, and you still hear nothing. My intent is not to debate the rights and wrongs of "responsiveness". Rather, to state the fact that, based on my experiences, I find smaller organizations more responsive. Larger organizations may be acting on the information I have sent them, I just do not know since I never hear anything back. Lance Spitzner http://www.enteract.com/~lspitz/papers.html Internetworking & Security Engineer Dimension Enterprises Inc
Current thread:
- Re: Scans Observed by Officer Friendly, (continued)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 18)
- RE: Scans Observed by Officer Friendly Aaron Lewter (May 21)
- RE: Scans Observed by Officer Friendly R. DuFresne (May 21)
- RE: Scans Observed by Officer Friendly Jason Ostrom (May 22)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 18)
- Re: Scans Observed by Officer Friendly David C Niemi (May 19)
- Re: Scans Observed by Officer Friendly Randy Grimshaw (May 18)
- Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins chuck (May 19)
- Re: Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins Tim Kramer (May 21)
- Re: Responsiveness of remote admins Philip S Holt (May 21)
- Re: Norton AV for Firewalls mht (May 21)
- Re: Scans Observed by Officer Friendly Larry Chin (May 21)
- RE: Scans Observed by Officer Friendly James D. Wilson (May 22)