nanog mailing list archives

Re: Advice requested


From: Roland Dobbins <rdobbins () cisco com>
Date: Tue, 29 May 2007 10:45:20 -0700



On May 29, 2007, at 8:21 AM, Matthew Black wrote:

What would you do if a major US computer security firm
attempted to hack your site's servers and networks?

I think the first thing to do would be to attempt to determine whether they were trying to actually 'hack' anything, or whether they were doing some kind of hostscanning as part of a survey, or what (or even if it's traffic which isn't spoofed - i.e., is it TCP) - i.e., classify the traffic - and then if the activity is annoying/harmful/undesirable, implement appropriate filtering mechanisms to block said traffic.

[Of course, various OS, application, and network infrastructure BCPs should be implemented so as to combat interactive cracking-type activity in the first place.]

The next thing to do would be to contact them directly and ask if they're aware of this situation - if so, ask what they're doing and ask them to stop if it's annoying/harmful, secondly if they're not aware, let them know so that they can see if they've an unauthorized individual/group generating the traffic in question, or perhaps have systems on their network which have been compromised and are being used for illicit activity.

IANAL, but I'd suggest trying to have a conversation before getting lawyers involved. Hopefully, it's just a misunderstanding of some sort, and can be resolved amicably.

------------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

You may not be interested in strategy, but strategy is interested in you.

                      -- Leon Trotsky
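
The classification step described in the message above, sketched as an added example (not part of the original post): it labels each source by whether its TCP flows show evidence of a working return path and whether the pattern looks like a broad host scan or a few sessions carrying data. The record layout, labels, thresholds and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# Assumed record layout: one row per inbound flow; "flags" holds the cumulative
# TCP flags sent BY the source (as NetFlow-style exports report them).
Flow = namedtuple("Flow", "src dst dport proto flags payload_bytes")

def classify_source(flows, scan_targets=20):
    """Return a triage label for all flows from one source address."""
    tcp = [f for f in flows if f.proto == "tcp"]
    # A source that follows its SYN with an ACK or RST most likely saw our
    # SYN-ACK, so a return path exists. This is evidence, not proof.
    answered = [f for f in tcp
                if "S" in f.flags and ("A" in f.flags or "R" in f.flags)]
    if not answered:
        # UDP/ICMP only, or bare SYNs: the source address cannot be confirmed.
        return "unverified-source"
    targets = {(f.dst, f.dport) for f in flows}
    with_data = [f for f in answered if f.payload_bytes > 0]
    # Many distinct host/port pairs and almost no payload: survey-style scan.
    if len(targets) >= scan_targets and len(with_data) <= len(targets) // 10:
        return "host-scan"
    return "interactive" if with_data else "low-volume-probe"

def triage(flows):
    """Group flows by source and classify each source."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    return {src: classify_source(fl) for src, fl in by_src.items()}

# Constructed sample data using documentation address ranges.
SAMPLE = (
    [Flow("198.51.100.7", f"192.0.2.{i}", 80, "tcp", "SR", 0) for i in range(1, 31)]
    + [Flow("198.51.100.9", "192.0.2.10", 22, "tcp", "SAPF", 4200)] * 3
    + [Flow("203.0.113.5", "192.0.2.10", 53, "udp", "", 64)] * 50
    + [Flow("203.0.113.5", "192.0.2.10", 80, "tcp", "S", 0)] * 5
)

if __name__ == "__main__":
    for src, label in triage(SAMPLE).items():
        print(src, label)
```

The label only decides what to do next: a confirmed source is worth contacting directly, while an unverified one should not be attributed to the apparent owner of the address.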

