Security Incidents mailing list archives

Not pulling the plug


From: friedl () MTNDEW COM (Stephen Friedl)
Date: Wed, 16 Feb 2000 07:19:12 -0800


Hello all,

For *two days*, an ADMROCKS-compromised machine in New Jersey has been doing
a scan for TCP port 5 (what's this?), and the owner of the box refused to
pull the plug while he fools with it. What's the best way to handle this?

I spoke with him on Monday morning to let him know this is going on, and he
had already been working on it, but another customer of mine got scanned again
this morning, and he basically refuses to pull the plug.

It is no crime to get hacked -- it happened to me -- but to leave a compromised
machine on the network for two days seems like an arrogant and inconsiderate
thing to your neighbors on the internet. I have sent a note with full logs to
the upstream provider asking that this guy get cut off until he can properly
secure his machine.

Anybody who's been scanned by 12.3.24.2 (ns.rbscc.com) might wish to let the
box owner know what you think about it:

        RBS Computer Corporation
        7 Short Hills Avenue
        Short Hills, NJ 07078

        (973) 379-3957 Voice
        (973) 379-0751 Fax

Steve

---
Stephen J Friedl|Software Consultant|Tustin, CA|  +1 714 544-6561
3B2-kind-of-guy |I speak for me only|  KA8CMY  |steve () unixwiz net


