Tech: Do you report security alerts?
Subject: Tech: Do you report security alerts?
From: katlaughing
Date: 06 Dec 04 - 02:24 AM

We've had some recent Trojan horse attempts according to our Symantec firewall. I've copied the info of each one, so know the ISPs to contact, etc. Have also come up with a clean scan of our system and have taken steps to keep repelling the suckers. I've read what they say about how to report them, etc. but I am still leery of doing so. I hesitate to email any place from which such an attack comes. Have any of you? Does it serve any purpose? Does it help to lessen them?

Thanks,
kat

Subject: RE: Tech: Do you report security alerts?
From: mack/misophist
Date: 06 Dec 04 - 10:02 AM

Virtually all of these things are spoofed - the return address is false - which makes them almost impossible for an amateur to deal with effectively. Phishing attacks (please verify your credit card/banking information requests) are worth reporting if you see them within a few hours of their arrival. Go to the message or view menu and choose 'show complete headers', then forward the whole thing to abuse (or security) @ whateverthecompanywebsiteis. If nothing else, the company can close the receiving site. Always send complete headers if you're going to report something. Occasionally, an expert can track them down. I think Sam Spade has a tool that helps decipher headers.

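The point about spoofed return addresses and complete headers, as an added example that is not part of any poster's message and not a Sam Spade feature: only the `Received` lines written by mail servers you trust are reliable, so the sketch below walks the chain from the newest hop and stops at the first server it does not recognise. The sample message, host names, documentation-range IPs and the `trusted_receivers` parameter are all constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the thread); hosts and IPs are placeholders.
RAW = """\
Return-Path: <service@bank.example>
Received: from mx.isp.example (mx.isp.example [198.51.100.7])
\tby mail.home.example with ESMTP id A1; Mon, 06 Dec 2004 09:00:03 -0600
Received: from bank.example (unknown [203.0.113.45])
\tby mx.isp.example with SMTP id B2; Mon, 06 Dec 2004 09:00:01 -0600
Received: from internal (localhost [127.0.0.1])
\tby bank.example with SMTP id C3; Mon, 06 Dec 2004 08:59:00 -0600
From: "Your Bank" <service@bank.example>
Subject: Please verify your account

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")

def received_chain(raw):
    """Return Received hops, newest first, as (claimed_name, ip, recorded_by)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # skip hops whose bracketed address is not a valid IP
        hops.append((m.group(1), str(ip), m.group(3).lower()))
    return hops

def reportable_source(raw, trusted_receivers):
    """Walk down from the newest hop while the recording server is one we trust.
    The last such hop holds the only source IP the sender could not forge."""
    source = None
    for claimed, ip, by in received_chain(raw):
        if by not in trusted_receivers:
            break  # everything below was supplied by the sender
        source = {"claimed_name": claimed, "ip": ip, "recorded_by": by}
    return source

if __name__ == "__main__":
    print(reportable_source(RAW, {"mail.home.example", "mx.isp.example"}))
```

In the sample, the `From`, `Return-Path` and oldest `Received` line all name `bank.example`, yet the only address a trusted server actually recorded is `203.0.113.45`, which is why a report without the full headers gives the recipient nothing to act on.
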
Subject: RE: Tech: Do you report security alerts?
From: JohnInKansas
Date: 06 Dec 04 - 10:22 AM

If you're getting a lot of firewall hits, it's likely that you have an "exposed" port. A visit to Symantec's Security Site, and letting them "Scan for Security Risks," may show some setting changes you can make to reduce the "visibility" of your setup. (Note that the "Security" scan is something completely different than just getting scanned for virus infection.)

The site should ask for permission to attempt to "probe" your firewall. When the scan is completed you should get a rather detailed report of "what's open" and "what's visible," with recommendations of what you can do. The site will also ask for your permission to add the info about "how safe you are" to their "Statistics" page. I generally let them do so. If you look at the statistics before and after your scan, I doubt you'll see that you've made much of a "bump."

I would not, in any circumstance I can imagine, attempt to contact an unknown originator of malware. If it's someone acting deliberately, unknown "retaliation" could result. If it's someone whose machine is infected without their knowledge, your "report" will likely get the same response as if someone walked up to you in a public place and said "you smell bad, why don't you take a bath."

I have found instances where a specific page on a site I consider "trustworthy" shows evidence of infection. In any such case I usually send a note to the site sysadmin, just as I would report a broken link. Usually that will get a "corrective action," but not always.

I usually do contact a known person from whom I receive infected email, but if I don't know them, I just block their email. If I do feel they should be told, I will usually 'phone or use some method other than reply email to let them know.

John

Subject: RE: Tech: Do you report security alerts?
From: wysiwyg
Date: 06 Dec 04 - 10:31 AM

If you report to a business, look them up online for an email addy -- never use any addys in the infected email itself.

~S~