[27239] in North American Network Operators' Group
Re: Compromised boxes
daemon@ATHENA.MIT.EDU (dklindt@ordata.com)
Thu Feb 10 13:29:44 2000
Message-Id: <200002101815.KAA29400@cobra.ordata.com>
From: dklindt@ordata.com
To: nanog@merit.edu
Date: Thu, 10 Feb 2000 10:25:58 -0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Reply-To: dklindt@ordata.com
In-reply-to: <Pine.LNX.4.10.10002092326270.25904-100000@redhat1.mmaero.com>
Errors-To: owner-nanog-outgoing@merit.edu
> > But if anyone does have a compromised box involved in the current round
> > of DDOS, please don't "scorch" it. Assuming you don't mind losing your
> > equipment for a while, give your local FBI office a call and ask if they
> ^^^^^^^^^^^^^^^^
> > want to look at it. They'll tell you whether to leave it running, shut it
> > down gracefully, or just yank the power cord.
>
> But first you'll have to explain to them what a computer is, what unix is,
> what cracking means, etc. I've dealt with the FBI before in cracking
> incidents. It wasn't until I got in touch with someone from the computer
> crimes division in DC that I found an agent with even the smallest
> fraction of a clue. The local and regional offices were useless.
Not so true here in Eugene, OR. We have called the FBI and they came
right over. She had a good grasp of the issues and ideas.... The problem
is that they will not do much if the amount of "damage" is less than
$80,000.