[27171] in North American Network Operators' Group
Compromised boxes
daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Feb 9 20:49:06 2000
Date: 9 Feb 2000 17:45:13 -0800
Message-ID: <20000210014513.6803.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: lucifer@lightbearer.com
From: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 09 February 2000, lucifer@lightbearer.com wrote:
> (BTW, the box in question was taken off-net, and is currently being given
> the scorched-earth treatment; the person in question will be undergoing
> education in security principles from a veteran operator, and realizes
> that the compromise was made possible by their own negligence... now.)

Of course those are their boxes to do what they want with.

But if anyone does have a compromised box involved in the current round
of DDOS, please don't "scorch" it. Assuming you don't mind losing your
equipment for a while, give your local FBI office a call and ask if they
want to look at it. They'll tell you whether to leave it running, shut it
down gracefully, or just yank the power cord.

Hopefully the FBI will work and play well with others, and not do annoying
things like seize equipment. They've said they wanted to create a
"partnership" with the community before, but maybe this time they mean it.