Re: Responsiveness of remote admins

[Philip S Holt <philipsholt () uswest net>]

Lance Spitzner wrote:

> On Wed, 19 May 1999, chuck wrote:
>
> >

   {Earlier content ommited}    ...

> > Realisticly, it's nice to get acknowledgement and it was a
> > really nice feeling when I pointed out some scans to an admin at
> > a college and they found that the host had been compromised
> > because of that.  But I can't and don't expect a reply and
> > updates on the situation.
>
> You raise some excellent points.

   Yes. I'd have to agree.

>  However, if nothing else, the remote administrators should, as a
> courtesy, acknowledge
> receipt of your email.

   Yep. I'll elaborate shortly.

> Also, on several occasions, I have included logs and key strokes of
> systems being compromised
> (such as bof logs or sniffit traces).

   I have done the same. In the past three weeks, I have picked up 15
scans, and gone through the extensive process of reporting four. Out
of four, three have been acknowledged from the receiving sys admin.
These three (all are big gun providers: EarthLink, USWest, Sprint)
have all sent me personal replies - so perhaps my experiences and
efforts are not true reflections of other engineers efforts, though I
share none-the-less.

>  It can be frustrating when you have documented evidence, and you
> still hear nothing.

   With my three *successes*, I need to add that:
Each incident reported took at least 7 emails to the initial contact
point    ...
I sent very comprehensive reports to these three *successes*
I also said that I would be happy to help in any way to further along
our 'collective efforts' - and in two incidents I received personal
replies from correspondig NOC egineers thanking me for my efforts.
Currently I am combing through logs from the source end of one of
these probes - and those logs came to me from ST. Albans,
Hertfordshire, GB. So, for me, extreme persistancy has shown and
continues to show successes @ varying degrees. Though, to do this with
all scans is ludicrous @ best (not enough time in the week obviously),
I'll pick a couple and really go after them    ...
Two out of three I was give actual case numbers - so I can reference
them @ a later date - should I choose to do so.

> My intent is not to debate the rights and wrongs of
> "responsiveness".  Rather, to state the fact that, based on
> my experiences,

   Thanks for sharing.

> I find smaller organizations more responsive.

   In this regard, yes, the initial contact is also much quicker
(substantially < 7 emails I'll add)

> Larger organizations may be acting on the information I have sent
> them, I just do not know since I never hear anything back.

   Yep - they're tough all right. I suppose in my recent work I have
been able to get over the threshold and maintain some sort of on-going
commuication - though it has been very frustrating @ times, I'll
admit. "Kid of reminds me of the 'Little Engine That Could'. "
Philip.