PaulDotCom mailing list archives
Contacting Giant Corporations?
From: tadaka at gmail.com (Jason Wood)
Date: Mon, 19 Oct 2009 22:11:31 -0600
Have you tried the abuse email address associated with the company's netblock? I've used that with varying degrees of results. It seems like the larger organizations respond to the address, though you may not get the help you want. However, I have seen it work pretty well.

The best experience I've seen was with an extremely large company. The security engineer emailed a summary of the event to the abuse address and had a positive response in short order. Within a week or two the event was fully diagnosed and resolved.

Jason

On Mon, Oct 19, 2009 at 2:28 PM, Ben Greenfield <bcg at struxural.com> wrote:
I can't divulge a ton of information, but this is the scenario I'm looking at:

1) Client has server that gets malware infection
2) Logs show server reaching out to an IP address for FTP
3) IP used to have a DNS record for a mega corporation
4) Client may be running product that legitimately accesses said IP, or said IP may be compromised under said mega corporation's nose, or the IP may no longer belong to said corporation.

I've tried calling 3 different regional offices of the said corporation looking for someone in either internal audit, internal security, network operations, or public relations. Corporate operators don't seem to want to help out of fear of violating policy of not transferring callers, so I've only been able to get to tech support (who blow this off because it's not about said corporation's product) and a single person in public relations who isn't returning calls (yet).

How would you proceed? At this point I'm just trying to figure out if the corporation does or does not own the IP anymore. I've obviously already tried whois, reverse lookups, Google, and the like.

I think this also brings up another issue. In this case, I'm not even sure the FTP server is malicious or not, I'm just trying to establish ownership. What if I knew 100% that this thing was hosting malware - it could ruin this corporation's public image if that got out - yet this corporation has no clear path for me to report this to them. Obviously, in the hypothetical scenario full disclosure would be an option, but both because I don't know for certain if the IP hosts malware right now, and because I'm under NDA, that is not a responsible or even possible option.

So I guess I have two questions on this:

The philosophical - what's the best way for an organization to deal with this scenario (i.e. making themselves available so they don't get embarrassed with a full disclosure)?
The applied - If I can't get someone from public relations / network operations / internal audit on the line because of the corporation's policies, how would you go forward in establishing ownership?
--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com
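
As an added illustration of the netblock abuse-address suggestion in this message (not part of the original post): a Python sketch that pulls the registered range, organization and abuse mailbox out of saved WHOIS output and confirms the logged IP actually falls inside that range. The two sample records are constructed, using documentation addresses and example domains, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample WHOIS responses (documentation addresses, not real records).
ARIN_SAMPLE = """\
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example Mega Corp
OrgAbuseEmail:  abuse@example.com
OrgTechEmail:   noc@example.com
"""
RIPE_SAMPLE = """\
% Abuse contact for '198.51.100.0 - 198.51.100.255' is 'abuse@example.net'
inetnum:        198.51.100.0 - 198.51.100.255
org-name:       Example Hosting BV
abuse-mailbox:  abuse@example.net
"""

# Field names differ by registry: ARIN-style first, RIPE-style second.
RANGE_KEYS = ("netrange", "inetnum")
ORG_KEYS = ("orgname", "org-name")
ABUSE_KEYS = ("orgabuseemail", "abuse-mailbox")

def parse_whois(text):
    """Return {'range': (first, last), 'org': str, 'abuse': [emails]}."""
    rec = {"range": None, "org": None, "abuse": []}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue  # skip registry comments and blank lines
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in RANGE_KEYS and rec["range"] is None:
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            rec["range"] = (first, last)
        elif key in ORG_KEYS and rec["org"] is None:
            rec["org"] = value
        elif key in ABUSE_KEYS and value not in rec["abuse"]:
            rec["abuse"].append(value)
    return rec

def abuse_contact_for(ip, whois_text):
    """Abuse addresses only if the record's range really covers the logged IP."""
    rec = parse_whois(whois_text)
    addr = ipaddress.ip_address(ip)
    if rec["range"] is None or not (rec["range"][0] <= addr <= rec["range"][1]):
        return None  # record is for a different block; do not trust its contacts
    return {"org": rec["org"], "abuse": rec["abuse"]}
```

The range check matters for the ownership question in the thread: a registry record only supports contacting that organization if the logged address sits inside the block it currently describes.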