Re: [incidents] What to do if they ignore you

[Tim Kennedy <tim () timkennedy net>]

On Wed, 13 Apr 2005, Skip Carter wrote:

> <snip>talked to sec-mgr, supplied logs</snip>
> <snip>blackhole, client fw's can't handle BL list</snip>
> <snip>unresponsive 1 month + </snip>
>
> Does anybody have any suggestions on what to do to make Goliath behave
> when you are David ?

Hi Skip,

It's very hard to threaten blackholing someone when you're much smaller
than them, and your customers may not be a significant userbase of 
Goliath, Inc.

Whatever the reason, once you realize that probes/attacks are continuing,
and you're not getting anything done about it, you're free to follow other
avenues of remediation.  

You could try escalating your case within Goliath, Inc.  Talk to the 
VP of Operations or Engineering.  Talk to the CIO.  They might be able
to accomplish something.  Even try talking to one of their NOC staff, or
a security engineer, rather than a manager.

Is their IP space a direct allocation from ARIN, or do they have an upstream
provider that you can go to?  They may be in violation of their upstreams
TOS, and may respond more actively to someone who can pressure them with 
a little more weight.

Is the activity in volation of local or federal law?  You might be able to 
have the authorities put some pressure on them if it is.  Depending on the 
case load of the LEO's involved, something may or may not get done.

Good Luck,

-Tim

-- 
Tim Kennedy                     ||      There are 10 types of people on Earth.
http://public.xdi.org/=tck      ||      Those who understand binary,
tim () timkennedy net              ||      and those who don't.

Attachment: _bin
Description: