[96941] in North American Network Operators' Group
Re: Advice requested
daemon@ATHENA.MIT.EDU (Roy)
Tue May 29 16:50:57 2007
Date: Tue, 29 May 2007 11:18:05 -0700
From: Roy <r.engehausen@gmail.com>
Cc: nanog@nanog.org
In-Reply-To: <web-13441896@remus.csulb.edu>
Errors-To: owner-nanog@merit.edu
Matthew Black wrote:
>
> What would you do if a major US computer security firm
> attempted to hack your site's servers and networks?
> Would you tell the company or let their experts figure
> it out?
>
> matthew black
> network services
> california state university, long beach
>
What happened to me one time was that one of my hosting customers hired
a firm to do a security check on their website. This company ran a
whole battery of penetration tests against the server. The bad news is
that the customer never told us this was going to happen. The good news
was that we detected the "attack" and blackholed the tester's IP
address. :-) We passed with flying colors.
Better check with your management to make sure that they haven't
authorized something.
Roy
