Re: Reacting to a server compromise

[Peter Busser <peter () trusteddebian org>]

Hi!

> My question is: Do I report this, and run the risk of the Feds charging
> me because these attacks originated from my subnet? Do I inform the
> owners of the machines that were hacked that their systems have been
> compromised? Judging from the usernames, some of these machines belonged
> to doctors offices, and may contain sensitive information.  Or should I
> just have a nice cup of STFU, and pretend nothing happened?

I can understand that you want to try to stay out of trouble. But I think the
``right thing'' to do is of course to contact the other people as soon as
possible. It makes sense too if you want to stay out of trouble. Because you
clearly show that you care about what happened and want to limit the damage
done to others.

Keeping quiet is what an attacker would do. So you would act like an attacker,
which makes it only harder to stay out of trouble if a few of those hacked
machine owners find out your machine was the cause of the problem.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html