I wrote a paper a few years ago on basic incident handling. It's
at http://www.securitywizards.com/papers and called "How to Handle
and Identify Network Probes".
Ron Gula
VP IDS Products
Enterasys Networks
At 09:23 AM 2/5/01 +0800, you wrote:
>Dear all,
>
>I am currently compiling a paper on incident handling, i.e., actions/steps
>to be taken when an incident occurs; an example would be if a mail bombing
>occurs:
>Step 1: nullify the incoming email
>Step 2: Check the previous saved email of the sender
>Step 3: configure the router or firewall to block the sender
>Step 4 and so on and so on.
>
>Is there a site where this kind of information could be found?
>I have checked SANS, CERT and Securityfocus sites and only found incident
>handling on virus and system compromise, nothing on mail bomb, launchpad,
>web defacement, DNS attack, syn flooding, DOS, etc.
>
>TIA
>
>Thanks and regards
>Kwan Hep Chuen
>
Received on Feb 05 2001
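As an added example (not part of the original thread or its authors' work), a small Python burst detector that applies the mail-bomb steps from the question on the defender's side: it parses constructed mail-log lines, flags any sender that reaches a threshold of messages inside a sliding time window, and maps each flagged sender to a reject and a firewall-block action. The log line format, the sample senders and the action strings are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from the thread), one "<timestamp> from=<sender>" per line,
# sorted by time: "bomber" sends five messages in eight seconds, "carol" five in twenty minutes.
SAMPLE_LOG = """\
2001-02-05 09:20:01 from=<alice@example.org>
2001-02-05 09:20:03 from=<bomber@203.0.113.7>
2001-02-05 09:20:04 from=<bomber@203.0.113.7>
2001-02-05 09:20:05 from=<carol@example.com>
2001-02-05 09:20:06 from=<bomber@203.0.113.7>
2001-02-05 09:20:08 from=<bomber@203.0.113.7>
2001-02-05 09:20:09 from=<alice@example.org>
2001-02-05 09:20:11 from=<bomber@203.0.113.7>
2001-02-05 09:25:00 from=<carol@example.com>
2001-02-05 09:30:00 from=<carol@example.com>
2001-02-05 09:35:00 from=<carol@example.com>
2001-02-05 09:40:00 from=<carol@example.com>
"""

def parse_line(line):
    """Split one log line into (timestamp, sender address)."""
    ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    return ts, line.split("from=<", 1)[1].split(">", 1)[0]

def find_mail_bombers(log_text, threshold=5, window_seconds=60):
    """Return {sender: peak count} for senders reaching `threshold` messages
    inside any sliding window of `window_seconds`."""
    recent = defaultdict(deque)  # sender -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        ts, sender = parse_line(line)
        q = recent[sender]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[sender] = max(peaks.get(sender, 0), len(q))
    return peaks

def block_actions(bombers):
    """Map flagged senders to the thread's steps 1 and 3 (placeholder action syntax, assumed)."""
    actions = []
    for sender in sorted(bombers):
        actions.append(f"mta: reject mail from {sender}")
        actions.append(f"firewall: deny smtp from {sender.split('@', 1)[1]}")
    return actions

if __name__ == "__main__":
    for action in block_actions(find_mail_bombers(SAMPLE_LOG)):
        print(action)
```

Widening the window to an hour also flags the slow sender, which is the knob to tune against a site's normal traffic before any block is automated.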