Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What to do if they ignore you

From: Kyle Maxwell <krmaxwell () gmail com>
Date: Thu, 14 Apr 2005 15:44:57 -0500
On 4/14/05, Harlan Carvey <keydet89 () yahoo com> wrote:

Just a thought, but maybe a letter from one of your
client's legal
counsel (something like "intrusion attempts from
your network have
continued despite multiple attempts to warn and we
are forced to
assume this is intentional)


I'm not sure I see your logic in equating "probes"
(from the OP) to "intrusion attempts"...


The idea is to get their attention with a "vigorous defense" (or
whatever the appropriate legalese is) rather than be highly specific
-- consider who would actually be reading the letter. You're
completely correct, port scans aren't intrusion attempts (though they
could potentially be precursors), and the language (such as it was)
really was just off the top of my head. I assume that a real lawyer
would have a much better idea of what should go into such a letter
than I would, anyway.

-- 
Kyle Maxwell
[krmaxwell () gmail com]

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: