Re: Source of attack: Russian nuclear facility?

[Richard Johnson <rdump () RIVER COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:17 -0600 on 08/08/2000, Al Huger - Mail Account wrote:

> I'm actually curious to see if people here actually contact CERT/CC on a
> regular basis. How responsive are they? I have never actually reported a
> break-in to them, just vulnerabilities. I am very curious about their
> level of service.


I've reported breakins to CERT.  They're as responsive as their ticketing and
review system lets them be.  It sometimes takes a few days or a week, but they
usually acknowledge the reports we make.

However, I really can't say anything about their level of service, since those
who report breakins to CERT are not the customers CERT is servicing. :-)
Besides, there's not really much service they can offer -- we're going to have
to clean up after the breakin ourselves anyway.

All that aside, we're reporting out of an internal sense of duty, mostly
because it's just the right thing to do.  Interestingly, as a side-effect,
we've gotten more intelligible replies from sites that were used to attack us,
or sites our compromised hosts were discovered to have attacked, when we have
Cc:ed CERT or mentioned a CERT tracking number on those reports.


Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm

iQA/AwUBOZIZ4WKSuJuuNAZUEQIA5ACgmTMo3OKcC0dmHy4HlNR5YDjEa8UAnRMg
sb+VPuEcnTvFloiaQIkekpOM
=L+e6
-----END PGP SIGNATURE-----