Firewall Wizards mailing list archives

Re: How do you fight an attack in progress?


From: Mark Coleman <mcoleman () borg pulsenet com>
Date: Fri, 19 Sep 1997 20:57:37 -0400

Just my 2 cents worth:  I would do a traceroute and follow up with the
next upstream hop and see what they have to say.  I also think that when
you look up the domain you will get an address of the admin (maybe I am
mistaken on that one), but you may wanna send snailmail to that address
in some sort of formal legal manner.  Just a suggestion.

-Mark C.



Grigorof, Adrian wrote:

Hello everybody,

As the subject line suggests, I'm interested to find out how you fight an
attack in progress. Let's say that your firewall keeps sending you
messages about a scan in progress or something similar. You have the IP
address. You look up the domain, call the administrator that you found
for that domain and get just a voice mail or a "number disconnected"
message. Worst case: there is no domain associated with that IP address.
The firewall keeps paging you and your adrenaline level grows
exponentially.

So, how do you Wizards deal with such situations?

Adrian
Apprentice Wizard


