Re: Compromised boxes

[jlewis () lewis org]

On 9 Feb 2000, Sean Donelan wrote:

> But if anyone does have a compromised box involved in the current round
> of DDOS, please don't "scorch" it.  Assuming you don't mind losing your
> equipment for a while, give your local FBI office a call and ask if they
                                   ^^^^^^^^^^^^^^^^
> want to look at it.  They'll tell you whether to leave it running, shut it
> down gracefully, or just yank the power cord.

But first you'll have to explain to them what a computer is, what unix is,
what cracking means, etc.  I've dealt with the FBI before in cracking
incidents.  It wasn't until I got in touch with someone from the computer
crimes division in DC that I found an agent with even the smallest
fraction of a clue.  The local and regional offices were useless.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or 
 System Administrator        |  nestea'd...whatever it takes
 Atlantic Net                |  to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________