Re: Compromised boxes

[dklindt () ordata com]

> > But if anyone does have a compromised box involved in the current round
> > of DDOS, please don't "scorch" it.  Assuming you don't mind losing your
> > equipment for a while, give your local FBI office a call and ask if they
>                                    ^^^^^^^^^^^^^^^^
> > want to look at it.  They'll tell you whether to leave it running, shut it
> > down gracefully, or just yank the power cord.
>
> But first you'll have to explain to them what a computer is, what unix is,
> what cracking means, etc.  I've dealt with the FBI before in cracking
> incidents.  It wasn't until I got in touch with someone from the computer
> crimes division in DC that I found an agent with even the smallest
> fraction of a clue.  The local and regional offices were useless.

Not so true here in Eugene, OR. We have called the FBI and they came 
right over. She had a good crasp of the issues and ideas....The problem 
is that they will not do much if the amount of "damage" is less than 
$80,000.