>Agreed. At a previous place of employment, our highly visible web
>server underwent a denial of service attack. We traced it back to a
>dialup account from a small ISP in another state.

27 minutes from first attempted contact until the problem was stopped,
not that bad of a response. Even Domino's Pizza gave its drivers
a full 30 minutes.

Contacting someone at a small ISP is fairly easy (as evidenced
by the previous example, even given the slight delay caused
by the restroom). There just aren't that many people to pass
the buck at a small ISP. Trying to reach a person at a Big & Important
company can be much more difficult. In 27 minutes you'd still
be listening to muzak waiting for a generic customer service
representative, because no human is listed as a contact
at Big & Important to pick up the phone.

Or, heaven forbid, you try to report a security problem with the
Really Big & Important, e.g. a US government computer. Did the General
Accounting Office ask how many people tried to tell the US Military
about computer security break-ins, but got the runaround? Yes, I know
the US Military has lots and lots of computer security teams. Some
of them actually know what they are doing. But I didn't know I needed
the correct telephone extension to report an attack against the USA.

As the net has grown, it has gotten much harder to reach a clueful
person at every type of site; big, small, important, or not. Even
the CERT says they can't handle calls from everyone. The flip-side
is it discourages the few people who used to report problems from

One thing I find missing from many companies' computer security procedures
is what to do when Joe Q. Public calls up and tells your receptionist
someone broke into your computers. Does your receptionist know who
to send the information to if someone called your company?

Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation