Chris Brenton wrote:
> 
> SANS has developed a number of papers and procedures for doing just
> that. Check out:
> http://www.sans.org/giac.htm

That information centers around cleaning up a hacked site performing the
attacks and consists of standard prevention and compromise procedures. 

CERT published a report with recommendations but they mainly consist of 
1) expect downtime for management, 2) be prepared for the network admins,
and 3) traceback and block for the ISPs. 
http://www.cert.org/reports/dsit_workshop.pdf

I believe the poor victim is left with network downtime and lots of long 
hours of phone time with upstream ISPs, admins of source networks, and 
law enforcement.

Kind of makes me wish I could reach out with a big stick and the
RKA (Remote Kick A$$) protocol.

Also makes me wonder if you should be required to pass a "driver's test"
before being allowed to hook a system to the information superhighway.