[96918] in North American Network Operators' Group
Re: Advice requested
daemon@ATHENA.MIT.EDU (George Imburgia)
Tue May 29 14:08:42 2007
Date: Tue, 29 May 2007 12:53:11 -0400 (EDT)
From: George Imburgia <nanog@armorfirewall.com>
To: Matthew Black <black@csulb.edu>
Cc: nanog@nanog.org
In-Reply-To: <web-13441896@remus.csulb.edu>
Errors-To: owner-nanog@merit.edu
On Tue, 29 May 2007, Matthew Black wrote:
> What would you do if a major US computer security firm
> attempted to hack your site's servers and networks?
> Would you tell the company or let their experts figure
> it out?
I'd hold a very public discussion on the matter.
If their people are intentionally trying to hack your network, they're
probably using proprietary information in violation of some NDAs.
It's also indicative of a larger problem.
If their servers are compromised and are being remotely abused by a third
party, that's something their clients need to know.
If it's a spoof, that should also be publicly exposed and addressed.
