Foreign Attacks (was Re: [Snort-users] Firing off Abuse email based on Snort Traffic)
vze2f6h6 at ...3147...
Fri May 30 08:07:02 EDT 2003
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of bmcdowell at ...7861...
> Sent: Friday, May 30, 2003 9:58 AM
> To: snort-users at lists.sourceforge.net
> Subject: Foreign Attacks (was Re: [Snort-users] Firing off Abuse email
> based on Snort Traffic)
> I too have noticed that most of the high-scoring offenders appear to be
> Asian. (Of course, there's no way to know that those Asian haven't been
> somehow hijacked, but that's another topic...) Since my firm provides a
> mostly-domestic product, I wonder if it wouldn't be best just to black
> hole that whole continent. Or, for that matter, everything but North
> America. It seems extreme, but since it shouldn't necessarily cost me
> any business, I haven't totally dismissed it yet.
> As I see it, there is no good reason to pursue (on your own) an attack
> from outside your native land. I have never imagined myself working
> hand-in-hand with, say, Korean law enforcement to track down a hacker.
> Has anyone else on the list had any positive experiences with foreign
> law enforcement? Does anyone take a different stance toward foreign
> Just curious...
I know an admin that was hired at a school. He was there for 3 days and
notice that there system was hacked. It was actually hacked for about a
year. They dump mp3s and movies to his server, about 20GBs worth. The
attackers are from Sweden I think. He is currently working with the FBI to
track them down. I would assume that they are working with foreign law
enforcement. They are currently working on it, so I don't know how it's
going though. I think that everyone is working well together.
More information about the Snort-users