Security Incidents mailing list archives
Re: Not pulling the plug
From: TMiller () NCIINC COM (Miller, Toby)
Date: Tue, 22 Feb 2000 13:23:24 -0500
I know this may a little late but this could be a sscan.
-----Original Message-----
From: Stephen Friedl [SMTP:friedl () MTNDEW COM]
Sent: Wednesday, February 16, 2000 10:19 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Not pulling the plug
Hello all,
For *two days*, an ADMROCKS-compromised machine in New Jersey has been
doing
a scan for TCP port 5 (what's this?), and the owner of the box refused to
pull the plug while he fools with it. What's the best way to handle this?
I spoke with him on Monday morning to let him know this is going on, and
he
had already been working on it, but another customer of mine got scanned
again
this morning, and he basically refuses to pull the plug.
It is no crime to get hacked -- it happened to me -- but to leave a
compromised
machine on the network for two days seems like an arrogant and
inconsiderate
thing to your neighbors on the interent. I have sent a note with full logs
to
the upstream provider asking that this guy get cut off until he can
properly
secure his machine.
Anybody who's been scanned by 12.3.24.2 (ns.rbscc.com) might wish to let
the
box owner know what you think about it:
RBS Computer Corporation
7 Short Hills Avenue
Short Hills, NJ 07078
(973) 379-3957 Voice
(973) 379-0751 Fax
Steve
---
Stephen J Friedl|Software Consultant|Tustin, CA| +1 714 544-6561
3B2-kind-of-guy |I speak for me only| KA8CMY |steve () unixwiz net
Current thread:
- Not pulling the plug Stephen Friedl (Feb 16)
- Re: Not pulling the plug thomas lakofski (Feb 17)
- Re: Not pulling the plug Robert Graham (Feb 18)
- Re: Not pulling the plug Niles Mills (Feb 18)
- <Possible follow-ups>
- Re: Not pulling the plug Ruth Milner (Feb 18)
- A few strange scans... Murray, Mike (Feb 20)
- Re: Not pulling the plug Miller, Toby (Feb 22)
- Re: Not pulling the plug David Brumley (Feb 23)
- Re: Not pulling the plug thomas lakofski (Feb 17)
