Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)

From: "Chris" <vze2f6h6 () verizon net>
Date: Fri, 30 May 2003 11:06:49 -0400





-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-
admin () lists sourceforge net] On Behalf Of bmcdowell () coxhealthplans com
Sent: Friday, May 30, 2003 9:58 AM
To: snort-users () lists sourceforge net
Subject: Foreign Attacks (was Re: [Snort-users] Firing off Abuse email
based on Snort Traffic)


I too have noticed that most of the high-scoring offenders appear to be
Asian.  (Of course, there's no way to know that those Asian haven't been
somehow hijacked, but that's another topic...)  Since my firm provides a
mostly-domestic product, I wonder if it wouldn't be best just to black
hole that whole continent.  Or, for that matter, everything but North
America.  It seems extreme, but since it shouldn't necessarily cost me
any business, I haven't totally dismissed it yet.

As I see it, there is no good reason to pursue (on your own) an attack
from outside your native land.  I have never imagined myself working
hand-in-hand with, say, Korean law enforcement to track down a hacker.

Has anyone else on the list had any positive experiences with foreign
law enforcement?  Does anyone take a different stance toward foreign
IP's?

Just curious...




I know an admin that was hired at a school.  He was there for 3 days and
notice that there system was hacked.  It was actually hacked for about a
year.  They dump mp3s and movies to his server, about 20GBs worth.  The
attackers are from Sweden I think.  He is currently working with the FBI to
track them down.  I would assume that they are working with foreign law
enforcement.  They are currently working on it, so I don't know how it's
going though.  I think that everyone is working well together.

Chris Romano



-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: