Security Incidents mailing list archives
Re: Not pulling the plug
From: TMiller () NCIINC COM (Miller, Toby)
Date: Tue, 22 Feb 2000 13:23:24 -0500
I know this may be a little late, but this could be a sscan.
-----Original Message-----
From: Stephen Friedl [SMTP:friedl () MTNDEW COM]
Sent: Wednesday, February 16, 2000 10:19 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Not pulling the plug

Hello all,

For *two days*, an ADMROCKS-compromised machine in New Jersey has been doing a scan for TCP port 5 (what's this?), and the owner of the box refused to pull the plug while he fools with it.

What's the best way to handle this? I spoke with him on Monday morning to let him know this is going on, and he had already been working on it, but another customer of mine got scanned again this morning, and he basically refuses to pull the plug.

It is no crime to get hacked -- it happened to me -- but to leave a compromised machine on the network for two days seems like an arrogant and inconsiderate thing to your neighbors on the internet.

I have sent a note with full logs to the upstream provider asking that this guy get cut off until he can properly secure his machine.

Anybody who's been scanned by 12.3.24.2 (ns.rbscc.com) might wish to let the box owner know what you think about it:

RBS Computer Corporation
7 Short Hills Avenue
Short Hills, NJ 07078
(973) 379-3957 Voice
(973) 379-0751 Fax

Steve

---
Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
3B2-kind-of-guy | I speak for me only | KA8CMY | steve () unixwiz net