Re: What to do if they ignore you

[Harlan Carvey <keydet89 () yahoo com>]

Kyle,

I thought as much (re: see your response below).  To
be honest, I don't think that going around shouting
that the "sky is falling" is going to do a lot to
clear up the FUD in the security community.

The point is that what the OP is seeing doesn't seem
to constitute "intrusion attempts", nor do they seem
to be consuming inordinate amounts of bandwidth. 
So...since the company that these things are
originating from don't seem to be doing anything
*about* it, and the "probes" themselves don't seem to
be causing any harm (ie, firewalls, etc), I think the
best advice we can give the OP is to just file the
necessary documentation and leave it at that.

Crying wolf isn't going to do anyone any good.

> > I'm not sure I see your logic in equating "probes"
> > (from the OP) to "intrusion attempts"...
>
> The idea is to get their attention with a "vigorous
> defense" (or
> whatever the appropriate legalese is) rather than be
> highly specific
> -- consider who would actually be reading the
> letter. You're
> completely correct, port scans aren't intrusion
> attempts (though they
> could potentially be precursors), and the language
> (such as it was)
> really was just off the top of my head. I assume
> that a real lawyer
> would have a much better idea of what should go into
> such a letter
> than I would, anyway.
>
> -- 
> Kyle Maxwell
> [krmaxwell () gmail com]

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------