Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: rquinn () SEC SPRINT NET (Rob Quinn)
Date: Wed, 1 Mar 2000 13:53:05 -0500
What does an ISP *want* to have reported?
And - what is it you expect to hear back from an ISP? When I complain to another provider I want to know the problem has been taken care of. But as the recipient of many complaints, I'm often in the position of being unable/unwilling to reveal the type of customer information that most people want to hear. Of course that's exactly the kind of info I want to hear back when I complain to another provider! And worse, I know if I send out a response that looks like anything other than a robot response, I'll get pulled into a dozen email debates that take twice as long to resolve as the actual security incident.
It should also be clear that an autoresponse is better than no response at all.
For instance: David - I read your complaint CC'd to Sprint about the scan from one of our customers. They just called me back, they took the machine offline shortly after they discovered it was hacked. Now if you actually knew which customer I was talking about, I would have just revealed some private information that they shared with me as a Sprint employee. It would be nice if our customers responded to complaints, but that's not going to happen, and for all I know they're in the same boat I'm in, dealing with a customer of their own. -- | Opinions are _mine_, facts Rob Quinn | | are facts. (703)689-6582 | | rquinn () sec sprint net | | Sprint Corporate Security |
Current thread:
- Re: Port 65535, (continued)
- Re: Port 65535 Pavel Kankovsky (Mar 04)
- Re: Port 65535 Murray, Mike (Mar 04)
- Re: Port 65535 Richard Bejtlich (Mar 04)
- Re: Port 65535 Keith Pachulski (Mar 06)
- Re: auto-reporting to ISPs wozz () LUVEWE BONCH ORG (Mar 02)
- Re: auto-reporting to ISPs Stuart Staniford-Chen (Mar 06)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: @home: Is *anyone* really home there??? William Annis (Mar 03)
- scans with spoofed address (was @home: Is *anyone*...) Russell Fulton (Mar 07)
- Re: @home: Is *anyone* really home there??? Ville (Mar 03)
- ingreslock message Dino Amato (Mar 05)
- Re: ingreslock message Graeme Fowler (Mar 07)
- Re: ingreslock message Dino Amato (Mar 07)