Re: Network attack from S1 Corporation

[H C <keydet89 () yahoo com>]

Hhhmmm...

> Interesting point,

I'd say it's an interesting point, all right.  How
long has this whole 'strike-back' discussion been
going on?  Hasn't the fallacy (lunacy) of such a
tactic already been beat to death?

> An email was sent to the IT department at
> S1 inquiring about the
> spidering but was never responded to, I waited
> another 4 days or so, 

If you don't mind me asking, do you remember the
address you used?  Here's why I asked the question...I
handle some of the more interesting 'abuse@' emails
that come into my organization.  Even with all the
discussion I've seen on the Internet that strongly
recommends sending an email to "abuse@" or "security@"
within the 'offending' organization, some folks come
up with some of the strangest addresses to send
reports to.  Some send them to 'ipadmin@'...and those
that arrive there that have nothing to do with what
IPAdmin really does just get sent to the bit bucket. 
Sometimes, I'll eventually hear about an incident, and
call the complainant.  I'll get an earful, and when
(if) they calm down, I finally try to get the email
address that they sent their reports to...only to
found out from our email admins that no such account
exists.

Even using email listing from NSI can be tricky, as a
company may not keep the contact info up to date. 

So, I guess my next question is...if you felt so
strongly about the situation, did you ever try calling
the company directly, and getting someone in the IT
department?  I've done that, with quite a bit of
success.

> At this point, I thought if the situation were
> reversed this is would be
> very straight forward.

> From my understanding of the convential wisdom on this
issue, attacking someone back often does more harm
than good.

> They use random machines
> that belong to employees
> to scan and DoS the site.

It almost definitely sounds more like compromised
machines than it does a 'spidering' effort.

> I wonder if they think that they are untouchable,
> and in many cases they may
> be. I am going to leave it lay for a while. Unless
> anyone has any better
> ideas on how to handle it. Maybe they will get
> bored. ;-\

Maybe they aren't even doing it intentionally.  

Have you tried calling the company?

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com