Firewall Wizards mailing list archives
Re: How do you fight an attack in progress?
From: Andy Howard <achowar () erenj com>
Date: Fri, 19 Sep 1997 13:36:22 -0500
I'm not a wizard, but would suggest the following........

The scan itself is not dangerous.... just rattling the door knob. Some Web search and indexing sites do this.... there are some legitimate reasons to get the door knob rattled.

Now, if you start getting logon attempts... somebody is trying to pick the lock on the door... that's not so good.

Your risk assessment should address your several levels of response and that should be folded into your Intrusion Response procedures. If you don't have lots of staff but do have lots of secrets, pull the plug. The other extreme is to just watch and be ready to pull the plug. You could make elaborate areas for the hacker to go into and watch, but most people don't have time. Your management should be able to give some guidance as well.......

--------
Grigorof, Adrian wrote:
Hello everybody,

As the subject line suggests, I'm interested to find how do you fight an attack in progress. Let's say that your firewall keeps sending you messages about a scan in progress or something similar. You have the IP address. You look up the domain, call the administrator that you found for that domain and get just a voice mail or a "number disconnected" message. Worst case: there is no domain associated with that IP address. The firewall keeps paging you and your adrenaline level grows exponentially.

So, how do you Wizards deal with such situations?

Adrian
Apprentice Wizard
--
Andy Howard
713-656-4396
achowar () erenj com
"Think hard! Think Fast! Think Often! But Think!"
The contents of this note are my opinion and should be treated only as that.