Snort mailing list archives
RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)
From: "Chris" <vze2f6h6 () verizon net>
Date: Fri, 30 May 2003 11:06:49 -0400
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of bmcdowell () coxhealthplans com Sent: Friday, May 30, 2003 9:58 AM To: snort-users () lists sourceforge net Subject: Foreign Attacks (was Re: [Snort-users] Firing off Abuse email based on Snort Traffic) I too have noticed that most of the high-scoring offenders appear to be Asian. (Of course, there's no way to know that those Asian haven't been somehow hijacked, but that's another topic...) Since my firm provides a mostly-domestic product, I wonder if it wouldn't be best just to black hole that whole continent. Or, for that matter, everything but North America. It seems extreme, but since it shouldn't necessarily cost me any business, I haven't totally dismissed it yet. As I see it, there is no good reason to pursue (on your own) an attack from outside your native land. I have never imagined myself working hand-in-hand with, say, Korean law enforcement to track down a hacker. Has anyone else on the list had any positive experiences with foreign law enforcement? Does anyone take a different stance toward foreign IP's? Just curious...
I know an admin that was hired at a school. He was there for 3 days and notice that there system was hacked. It was actually hacked for about a year. They dump mp3s and movies to his server, about 20GBs worth. The attackers are from Sweden I think. He is currently working with the FBI to track them down. I would assume that they are working with foreign law enforcement. They are currently working on it, so I don't know how it's going though. I think that everyone is working well together. Chris Romano ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic) bmcdowell (May 30)
- <Possible follow-ups>
- RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic) Chris (May 30)