Security Incidents mailing list archives

Re: scan log and subsequent response from the host's ISP

From: sec () ORGONE NEGATION NET (Jason Storm)
Date: Fri, 7 Jul 2000 20:21:36 -0700


On Thu, 6 Jul 2000, Brooke, O'Neil wrote:

Hello

      This may be a silly question, but, if this provider does not do
anything to stop attacks targeting your machines, wouldn't you be
justified in retaliating? If these people are actively probing your
firewall, eventually they will find a weakness and get through.


if the isp is in the same country as you are, its definately not legal nor
a good idea to retaliate.  if the attack is noticed, at best you lose your
line, at worst your freedom.

if the isp is from another country, your best bet is to go to your
upstream to get the isp blackholed from your network.

if they refuse, try sending them a registered letter declaring your intent
to sue should they prove unable or unwilling to aid you.

of course, this is where you should be rapping with a legal expert...

-jason storm

Current thread:

Re: Snort SMTP expn-root, (continued)
- - Re: Snort SMTP expn-root Joe McAlerney (Jul 06)
  - Re: Snort SMTP expn-root Bill Pennington (Jul 06)
  - Re: Snort SMTP expn-root dyer (Jul 06)
  - Simultaneous Attacks Harlan S. Barney, Jr. (Jul 06)
    - Re: Simultaneous Attacks Valdis Kletnieks (Jul 07)
    - Re: Simultaneous Attacks Ryan Russell (Jul 07)
    - Ehm... what? (Re: Simultaneous Attacks) Martin Macok (Jul 11)
    - Re: Simultaneous Attacks Richard Bejtlich (Jul 11)
- Re: scan log and subsequent response from the host's ISP Ejovi Nuwere (Jul 06)
- Re: scan log and subsequent response from the host's ISP Brooke, O'Neil (Jul 06)
  - Re: scan log and subsequent response from the host's ISP Jason Storm (Jul 07)
  - 6200/tcp Werner Iknaroff-Zhikovsky (Jul 09)
- Re: scan log and subsequent response from the host's ISP Michal Nazarewicz (Jul 07)
  - Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 07)
    - Re: scan log and subsequent response from the host's ISP Michal Nazarewicz (Jul 07)
    - Re: scan log and subsequent response from the host's ISP Osvaldo Janeri Filho (Jul 10)
    - Intrusion, WuFTP exploit? David Knaack (Jul 07)
    - Re: scan log and subsequent response from the host's ISP Philipp Buehler (Jul 11)
  - Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 07)
    - Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 10)
    - Re: scan log and subsequent response from the host's ISP Pavel Lozhkin (Jul 10)

(Thread continues...)