Security Incidents mailing list archives
Re: Deserting Firewall Operator
From: Tim Kowalsky <webmaster () deltecsolutions com>
Date: Mon, 29 Jan 2001 13:04:41 -0600
I think there are two very important questions here which should be asked before everyone starts talking about legal action...
1. Is the former security person "harassing" (I use the verbiage from the original post) the system operators with messages pointing out insecurities in the firewall config, or is he making threats to attack the LAN? (There's a very large difference.)
2. Was the "backdoor" put in place while the security person was still employed and used for remote administration? (Did he/she continue to use it after parting ways with the employer?)
From the sound of the email, the former contractor left in a hurry (and a contract dispute could be a legitimate reason to do that, arguably...) so without further information it is equally possible that this was not an insidious attempt to keep access after the fact.
The forwarded email from the former security person does sound as if he has serious grievances (he feels) with the company, but there isn't anything overtly threatening about it. If anything it sounds more like a political attack (trying to go over the heads of those he had disagreements with and get them in hot water.) Unless he's done more than this, you can't threaten him with legal action... it's not illegal to tell someone that there are security holes in their network... at least hopefully not most places! =)
If on the other hand this person is actively attacking (trying to break in and do damage to) the LAN, collect the evidence and take it to the authorities.
Hi people,
I hope I send this message to the right mailing list. I have been learning every day since I subscribed to some of the securityfocus mailing lists.
At one of our client's company, where I work as a network system engineer (not security related or responsible, thank god!!) we have a slight problem you might say, I hope somebody can tell me what to do; the "free-lance" firewall operator/controller had some disagreement with his manager about contracts and deserted his post. But not after (we discovered this only days later) he built in a backdoor route to his own cablemodem IP address in the router and the firewall. We managed to disable this route immediately after we discovered it. Still he keeps harassing our system operators (now also responsible for maintaining security!!) with messages, stating that he still has access to the internal LAN. He even mailed the following message to the country manager of this company:
"Hi xxxx It is no longer of my bizz, but the Three Stooges from sysadmin put some major holes in the configuration it is now very easy for people from all over the world to gain access to the company's LAN, financial database and the websites... i noticed that you don't care much for security and lost the momentum to do much about the king of the hill politics around you. but there are still some people working there that should not suffer from the stupidity of the powergreedy and the lack of action from the none-interested. Have a nice day, his name"
What to do when your "guardian" turns on you?
Thank you for your response,
Coen Bongers
Senior Network Engineer
E-mail: CoB () Kikke net