Firewall Wizards mailing list archives
Re: Responsiveness of remote admins
From: Philip S Holt <philipsholt () uswest net>
Date: Wed, 19 May 1999 22:26:59 -0700
Lance Spitzner wrote:
On Wed, 19 May 1999, chuck wrote:
{Earlier content ommited} ...
Realisticly, it's nice to get acknowledgement and it was a really nice feeling when I pointed out some scans to an admin at a college and they found that the host had been compromised because of that. But I can't and don't expect a reply and updates on the situation.You raise some excellent points.
Yes. I'd have to agree.
However, if nothing else, the remote administrators should, as a courtesy, acknowledge receipt of your email.
Yep. I'll elaborate shortly.
Also, on several occasions, I have included logs and key strokes of systems being compromised (such as bof logs or sniffit traces).
I have done the same. In the past three weeks, I have picked up 15 scans, and gone through the extensive process of reporting four. Out of four, three have been acknowledged from the receiving sys admin. These three (all are big gun providers: EarthLink, USWest, Sprint) have all sent me personal replies - so perhaps my experiences and efforts are not true reflections of other engineers efforts, though I share none-the-less.
It can be frustrating when you have documented evidence, and you still hear nothing.
With my three *successes*, I need to add that: Each incident reported took at least 7 emails to the initial contact point ... I sent very comprehensive reports to these three *successes* I also said that I would be happy to help in any way to further along our 'collective efforts' - and in two incidents I received personal replies from correspondig NOC egineers thanking me for my efforts. Currently I am combing through logs from the source end of one of these probes - and those logs came to me from ST. Albans, Hertfordshire, GB. So, for me, extreme persistancy has shown and continues to show successes @ varying degrees. Though, to do this with all scans is ludicrous @ best (not enough time in the week obviously), I'll pick a couple and really go after them ... Two out of three I was give actual case numbers - so I can reference them @ a later date - should I choose to do so.
My intent is not to debate the rights and wrongs of "responsiveness". Rather, to state the fact that, based on my experiences,
Thanks for sharing.
I find smaller organizations more responsive.
In this regard, yes, the initial contact is also much quicker (substantially < 7 emails I'll add)
Larger organizations may be acting on the information I have sent them, I just do not know since I never hear anything back.
Yep - they're tough all right. I suppose in my recent work I have been able to get over the threshold and maintain some sort of on-going commuication - though it has been very frustrating @ times, I'll admit. "Kid of reminds me of the 'Little Engine That Could'. " Philip.
Current thread:
- RE: Scans Observed by Officer Friendly, (continued)
- RE: Scans Observed by Officer Friendly R. DuFresne (May 21)
- RE: Scans Observed by Officer Friendly Jason Ostrom (May 22)
- Re: Scans Observed by Officer Friendly Jonathan Care (May 18)
- Re: Scans Observed by Officer Friendly David C Niemi (May 19)
- Re: Scans Observed by Officer Friendly chuck (May 18)
- Re: Scans Observed by Officer Friendly Randy Grimshaw (May 18)
- Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins chuck (May 19)
- Re: Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins Tim Kramer (May 21)
- Re: Responsiveness of remote admins Philip S Holt (May 21)
- Re: Norton AV for Firewalls mht (May 21)
- Re: Scans Observed by Officer Friendly Randy Grimshaw (May 18)
- Re: Responsiveness of remote admins R. DuFresne (May 21)
- Re: Responsiveness of remote admins Craig H. Rowland (May 21)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
- Re: Scans Observed by Officer Friendly Larry Chin (May 21)
- RE: Scans Observed by Officer Friendly James D. Wilson (May 22)