Security Incidents mailing list archives

What to do if they ignore you


From: Skip Carter <skip () taygeta com>
Date: Wed, 13 Apr 2005 10:29:40 -0700


Hello,

My company provides outsource security management/monitoring services.

In early March we noticed that several of our clients that are in the
same /16 block were getting persistent port 445 probes from a couple
of systems from a very large corporation's satellite office which is
on the same /16 block.

I have repeatedly called the company's security manager (on the US east
coast) and talked to people at the company's headquarters (on the US
west coast).  They take my information (I have shown them firewall logs,
IDS logs, captured packet traces, and honeypot sessions) but nothing is
done about these probes (typically around 1500/day).

We have black-holed connections from the offending network block, but many
of our clients are small and do not have firewalls with the resources to
handle huge lists of blacklisted networks.

It has been over a month now, and nothing has changed.  They seem to be
unable or unwilling to fix their own systems when they have all the
information they could ask for in order to track the problem down.

Does anybody have any suggestions on what to do to make Goliath behave
when you are David?


-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip () taygeta net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            










