North American Network Operators Group


Re: Advice requested

  • From: Jim Popovitch
  • Date: Tue May 29 18:42:15 2007

On Tue, 2007-05-29 at 12:53 -0400, George Imburgia wrote:
> On Tue, 29 May 2007, Matthew Black wrote:
> 
> > What would you do if a major US computer security firm
> > attempted to hack your site's servers and networks?
> > Would you tell the company or let their experts figure
> > it out?
> 
> I'd hold a very public discussion on the matter.

Just a few words of caution.... 

First make sure that it is a hack, and not just a ping or SMTP test
because they are trying to deliver you email.  I did ask for a
definition of what the OP meant by hack, but haven't seen anything yet.

Secondly, make sure that no one else in your company authorized this.  A
lot of companies do pay outside agencies to test their security.
Security Audits are notorious for being requested by the corporate
Financial personnel, and those are the same folks that the networking
dept communicates the least with (IMHO).

Finally, is it possible that the "hack" was planned behavior or a
well-intended mistake?  Years ago, others at $DAYJOB received
customer-provided configuration files to try and emulate a customer
problem.  All sorts of interesting traffic left our network and hit the
customers; after all, their configs had all their IPs listed.  The customer's
security department (left hand) called the FBI simply because they
didn't know what their own network department (right hand) was asking
$DAYJOB to do.

-Jim P.