[27192] in North American Network Operators' Group
Re: Compromised boxes
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Wed Feb 9 23:51:52 2000
Date: Wed, 9 Feb 2000 23:29:35 -0500 (EST)
From: jlewis@lewis.org
To: Sean Donelan <sean@donelan.com>
Cc: lucifer@lightbearer.com, nanog@merit.edu
In-Reply-To: <20000210014513.6803.cpmta@c004.sfo.cp.net>
Message-ID: <Pine.LNX.4.10.10002092326270.25904-100000@redhat1.mmaero.com>
On 9 Feb 2000, Sean Donelan wrote:
> But if anyone does have a compromised box involved in the current round
> of DDOS, please don't "scorch" it. Assuming you don't mind losing your
> equipment for a while, give your local FBI office a call and ask if they
                                   ^^^^^^^^^^^^^^^^
> want to look at it. They'll tell you whether to leave it running, shut it
> down gracefully, or just yank the power cord.
But first you'll have to explain to them what a computer is, what unix is,
what cracking means, etc. I've dealt with the FBI before in cracking
incidents. It wasn't until I got in touch with someone from the computer
crimes division in DC that I found an agent with even the smallest
fraction of a clue. The local and regional offices were useless.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or
System Administrator | nestea'd...whatever it takes
Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________