RE: CRIME User/employment verification

From: Steve Nichols (steven@private)
Date: Thu Sep 12 2002 - 14:13:10 PDT

  • Next message: alan: "RE: CRIME User/employment verification" 

    Yeah, I could but we blow our SLA.
We have a policy in place that states if you are hacked we have the
right to shut off the connection, but this is a HUGE customer...
We would risk loosing the contract.

I ended up writing an acl to block the outbound traffic from that
specific IP, allowing all other.



Steven Nichols
Network and Systems Administrator
Internet and NOC Manager


                   VALLEY INTERNET COMPANY
                1709 NE 27th Street, Suite C
                  McMinnville, Oregon 97128
           503-565-5030 or 800-909-9078 (toll-free)
     "Pay no attention to the folks behind the curtain..."
   PGP: www.viclink.com/~steven/steven.nichols.pgp.txt

-----Original Message-----
From: Quinby, Kris (MED) [mailto:kris.quinby@private] 
Sent: Thursday, September 12, 2002 14:07
To: 'steven@private'; Owner-Crime
Subject: RE: CRIME User/employment verification


Steven,

You are right to ask for logs in any case as the compromised system
could be attacking anyone.  To your point of whether or not you are
around to get the email, if you can't get email, can you turn off a
network connection?

Kris

___________________________________________

Kris Quinby, CISSP
Systems Engineer - Data Center Operations
GE Medical Systems Information Technologies
Email: kris.quinby@private
Phone: 503-531-7190
Fax: 503-531-7001
 
 

-----Original Message-----
From: Steve Nichols [mailto:steven@private]
Sent: Thursday, September 12, 2002 9:56 AM
To: Owner-Crime
Subject: CRIME User/employment verification


Last night one of our T1 customers had his WUFtp hacked.
I received a call from a guy that said he was with the NSA, and that the
compromised system was attacking them. He actually called my cell. Which
is a private, unlisted number..


My question.

Is there a way to verify that an individual actually works for the
government. Can I ask for a badge ID and call a number to verify
employment? I would hate to suspend a T1 customer's data due to a sour
ex-employee, impersonating an employee of the government.

I ended up asking him to email me the log. Which works, but in the off
chance that I'm not around to receive email......

Thanks for any info.

Steven Nichols
Network and Systems Administrator
Internet and NOC Manager


                   VALLEY INTERNET COMPANY
                1709 NE 27th Street, Suite C
                  McMinnville, Oregon 97128
           503-565-5030 or 800-909-9078 (toll-free)
     "Pay no attention to the folks behind the curtain..."
   PGP: www.viclink.com/~steven/steven.nichols.pgp.txt

    This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 14:57:55 PDT