Foreign Attacks (was Re: [Snort-users] Firing off Abuse email based on Snort Traffic)

Chris vze2f6h6 at ...3147...
Fri May 30 08:07:02 EDT 2003




> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of bmcdowell at ...7861...
> Sent: Friday, May 30, 2003 9:58 AM
> To: snort-users at lists.sourceforge.net
> Subject: Foreign Attacks (was Re: [Snort-users] Firing off Abuse email
> based on Snort Traffic)
> 
> 
> I too have noticed that most of the high-scoring offenders appear to be
> Asian.  (Of course, there's no way to know that those Asian haven't been
> somehow hijacked, but that's another topic...)  Since my firm provides a
> mostly-domestic product, I wonder if it wouldn't be best just to black
> hole that whole continent.  Or, for that matter, everything but North
> America.  It seems extreme, but since it shouldn't necessarily cost me
> any business, I haven't totally dismissed it yet.
> 
> As I see it, there is no good reason to pursue (on your own) an attack
> from outside your native land.  I have never imagined myself working
> hand-in-hand with, say, Korean law enforcement to track down a hacker.
> 
> Has anyone else on the list had any positive experiences with foreign
> law enforcement?  Does anyone take a different stance toward foreign
> IPs?
> 
> Just curious...
> 
> 

I know an admin that was hired at a school.  He was there for 3 days and
noticed that their system was hacked.  It was actually hacked for about a
year.  They dumped mp3s and movies to his server, about 20 GB worth.  The
attackers are from Sweden, I think.  He is currently working with the FBI to
track them down.  I would assume that they are working with foreign law
enforcement.  They are currently working on it, so I don't know how it's
going though.  I think that everyone is working well together.

Chris Romano




