Security Incidents mailing list archives
Re: Incident handling...
From: Ron Gula <rgula () ENTERASYS COM>
Date: Mon, 5 Feb 2001 01:39:21 -0500
I wrote a paper a few years ago on basic incident handling. It's at http://www.securitywizards.com/papers and called "How to Handle and Identify Network Probes".

Ron Gula
VP IDS Products
Enterasys Networks

At 09:23 AM 2/5/01 +0800, you wrote:
> Dear all,
>
> I am currently compiling a paper on incident handling, i.e., actions/steps to be taken when an incident occurs, example would be if a mail bombing occurs,
>
> Step 1: nullify the incoming email
> Step 2: Check the previous saved email of the sender
> Step 3: configure the router or firewall to block the sender
> Step 4 and so on and so on.
>
> Is there a site where this kind of information could be found? I have checked SANS, CERT and Securityfocus sites and only found incident handling on virus and system compromise, nothing on mail bomb, launchpad, web defacement, DNS attack, syn flooding, DOS, etc.
>
> TIA
>
> Thanks and regards
> Kwan Hep Chuen
>
> Disclaimer Note. This e-mail and any files transmitted with it is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient, or the person responsible for delivering the e-mail, be advised that you have received this e-mail and any files transmitted with it in error and that any use, dissemination, forwarding, printing or copying of this e-mail and any files transmitted with it is strictly prohibited. If you have received this e-mail and any files transmitted with it in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your co-operation.
Current thread:
- Incident handling... Kwan Hep Chuan (Feb 04)
- Re: Incident handling... Ron Gula (Feb 05)