Contacting Giant Corporations?

[danthemanbaxter at gmail.com (Dan Baxter)]

I'll be interested to see your responses to this, as I've got a similar
situation.  I recently identified some IRC Botnet traffic leaving our
corporate network.  I'm blocking it with IPS, but it's all headed to a
specific IP.  I've traced this IP to a physical therapy facility.

I've attempted to contact them twice.  Once I was put through to the owner's
voicemail.  I briefly identified myself as an information security
professional for a corporation and that I had information regarding a server
of theirs that may be hosting malicious software.  I didn't receive a
response.  So, a few days later, I called again.  This time, someone took my
contact information and said their "IT guy" would contact me.  That was over
a week ago and still nothing.

I have a feeling this box is owned six ways to Sunday.  The idea that it's
potentially hosting medical records makes this even worse.  How persistent
should I be in attempting to contact them?


Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091019/dfecafd8/attachment.htm