Security Incidents mailing list archives

Re: Taiwan server compromise


From: vortex () CAFFEINE ORG UK (Vortex)
Date: Fri, 26 May 2000 21:30:18 +0100


On Fri, 26 May 2000, you wrote:
> P.S. 1) I not tried to "verify" weakness for
> rest of accounts, but who know?

Even though the system was attacking you, your return attack is still not
within legal boundaries... bear in mind that a system administrator may not
take kindly to the fact you've cracked his system (even if the system in
question was holier than the pope, it's still cracking...)

>      2) I send a mail on "service" account
> explaining compromise.

If "crakr" has root access, s/he can also read users' mail spools - it would be
better to find an off-site contact for the administrator (from whois records of
the domain name, finger, IP whois, etc) and contact them that way - could be an
e-mail address at a remote site, phone/fax number or even address.

If you can't find this, traceroute the site and contact the administrator of
the upstream ISP for the system, they will most likely have contact information
for billing, etc. which they may be willing to use to contact the administrator
on your behalf.

Hope this helps,

--
vortex at caffeine.org.uk | http://www2.caffeine.org.uk/~vortex/
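
The point made above about notifying through a contact the intruder cannot read, as an added example that is not part of the original message: it sorts the contacts in a whois-style record into those hosted off the compromised domain and those that are not. The record, the domain names and the function names are constructed for illustration, and the code assumes that mail for the compromised domain and its subdomains is delivered to the compromised system.

```python
import re

# Constructed whois-style record for a hypothetical compromised host; not real data.
SAMPLE_WHOIS = """\
Domain Name: victim.example
Admin Email: root@victim.example
Tech Email: hostmaster@mail.victim.example
Billing Email: accounts@upstream-isp.example
Registrant Email: owner@personal-mail.example
Admin Phone: +00.5550100
Tech Fax: +00.5550101
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
PHONE_RE = re.compile(
    r"^[ \t]*([^:\n]*(?:phone|fax)[^:\n]*):[ \t]*(\S.*)$", re.I | re.M
)


def on_compromised_domain(host, compromised):
    """True if host is the compromised domain or any subdomain of it."""
    host = host.lower().rstrip(".")
    compromised = compromised.lower().rstrip(".")
    return host == compromised or host.endswith("." + compromised)


def off_site_contacts(whois_text, compromised):
    """Return (safe, unsafe): contacts off the compromised domain, and on it."""
    safe, unsafe = [], []
    for m in EMAIL_RE.finditer(whois_text):
        addr = m.group(0).lower()
        bucket = unsafe if on_compromised_domain(m.group(1), compromised) else safe
        if addr not in bucket:
            bucket.append(addr)
    # Phone and fax numbers never pass through the mail spool, so they
    # are treated as out-of-band regardless of which contact they belong to.
    for label, number in PHONE_RE.findall(whois_text):
        safe.append(f"{label.strip()}: {number.strip()}")
    return safe, unsafe


if __name__ == "__main__":
    safe, unsafe = off_site_contacts(SAMPLE_WHOIS, "victim.example")
    print("use:  ", safe)
    print("avoid:", unsafe)
```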


