Firewall Wizards mailing list archives
Re: Recent Attacks
From: Transistor Sister <raven () kalypso cybercom net>
Date: Fri, 18 Feb 2000 17:21:39 -0500 (EST)
On Wed, 16 Feb 2000, Barrett G. Lyon wrote:
You need to figure out who is actually doing the attack and notify their providers with a clean description of what actually took place. If the attack is too big to wait you get on the phone immediately and make it someone else's problem as well. If it is real bad you can even involve your upstream provider(s) and have them put filters in place on their
end
of the network. [ Large providers hate doing this, yet if you bark enough they will listen. ]
What I am finding more and more is that ISPs are less and less willing to disclose any information about their customers. For example, I work for a medium-sized ISP. One of our machines was compromised about 2 weeks ago, and this server was then used to SYN flood and smurf foreign hosts. I traced this address back to a large ISP, who at first completely refused to assist me, and after a hassle, referred me to their operations center in Europe, who referred me back to their US operations center where I started in the first place. My simple request was for the ISP who provided the address to the attacker in the first place, as my goal was to notify them that they had potentially been compromised and to inquire about this ISP's acceptible use policy. It has been 12 days, and still my request has gone unanswered after a series of more requests and ranting. Now I am told that this information will not be relased to me unless my company issues a subpoena for it. Is it me, or is this absolutely rediculous? If ISPs are supposed to assist each other in tracking down and stopping these attacks, and if sharing information about attacks is so important, why are we now playing secret squirrel with each other?
Current thread:
- RE: Recent Attacks, (continued)
- RE: Recent Attacks Troy Henley (Feb 17)
- Re: Recent Attacks Bennett Todd (Feb 17)
- Re: Recent Attacks apotter (Feb 17)
- Re: Recent Attacks blyonpop (Feb 17)
- Re: Recent Attacks Chris Cappuccio (Feb 19)
- RE: Recent Attacks Staggs, Michael (Feb 17)
- Re: Recent Attacks Barney Wolff (Feb 17)
- Re: Recent Attacks Don Kendrick (Feb 19)
- RE: Recent Attacks Staggs, Michael (Feb 19)
- Re: Recent Attacks Steven M. Bellovin (Feb 19)
- Re: Recent Attacks Transistor Sister (Feb 19)
- Recent Attacks andrew . c . howard (Feb 19)
- Re: Recent Attacks Steven M. Bellovin (Feb 20)
- Re: Recent Attacks Ryan Russell (Feb 19)
- Re: Recent Attacks Paul D. Robertson (Feb 21)
- Re: Recent Attacks Ryan Russell (Feb 21)
- Re: Recent Attacks Crispin Cowan (Feb 21)
- Re: Recent Attacks Ryan Russell (Feb 19)
- RE: Recent Attacks Joseph Judge (Feb 21)
- RE: Recent Attacks Troy Henley (Feb 17)
- Re: Recent Attacks Randy B. Samos (Feb 21)
- Re: Recent Attacks Barrett G. Lyon (Feb 23)
- Re: Recent Attacks Transistor Sister (Feb 21)