RE: CRIME User/employment verification

From: Steve Nichols (steven@private)
Date: Thu Sep 12 2002 - 14:13:10 PDT


    Yeah, I could but we blow our SLA.
    We have a policy in place that states if you are hacked we have the
    right to shut off the connection, but this is a HUGE customer...
    We would risk losing the contract.
    
    I ended up writing an ACL to block the outbound traffic from that
    specific IP, allowing all other.
    
    
    
    Steven Nichols
    Network and Systems Administrator
    Internet and NOC Manager
    
    
                       VALLEY INTERNET COMPANY
                    1709 NE 27th Street, Suite C
                      McMinnville, Oregon 97128
               503-565-5030 or 800-909-9078 (toll-free)
         "Pay no attention to the folks behind the curtain..."
       PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
    
    -----Original Message-----
    From: Quinby, Kris (MED) [mailto:kris.quinby@private] 
    Sent: Thursday, September 12, 2002 14:07
    To: 'steven@private'; Owner-Crime
    Subject: RE: CRIME User/employment verification
    
    
    Steven,
    
    You are right to ask for logs in any case as the compromised system
    could be attacking anyone.  To your point of whether or not you are
    around to get the email, if you can't get email, can you turn off a
    network connection?
    
    Kris
    
    ___________________________________________
    
    Kris Quinby, CISSP
    Systems Engineer - Data Center Operations
    GE Medical Systems Information Technologies
    Email: kris.quinby@private
    Phone: 503-531-7190
    Fax: 503-531-7001
     
     
    
    -----Original Message-----
    From: Steve Nichols [mailto:steven@private]
    Sent: Thursday, September 12, 2002 9:56 AM
    To: Owner-Crime
    Subject: CRIME User/employment verification
    
    
    Last night one of our T1 customers had his WUFtp hacked.
    I received a call from a guy that said he was with the NSA, and that the
    compromised system was attacking them. He actually called my cell, which
    is a private, unlisted number.
    
    
    My question.
    
    Is there a way to verify that an individual actually works for the
    government? Can I ask for a badge ID and call a number to verify
    employment? I would hate to suspend a T1 customer's data due to a sour
    ex-employee, impersonating an employee of the government.
    
    I ended up asking him to email me the log. Which works, but in the off
    chance that I'm not around to receive email......
    
    Thanks for any info.
    
    Steven Nichols
    Network and Systems Administrator
    Internet and NOC Manager
    
    
                       VALLEY INTERNET COMPANY
                    1709 NE 27th Street, Suite C
                      McMinnville, Oregon 97128
               503-565-5030 or 800-909-9078 (toll-free)
         "Pay no attention to the folks behind the curtain..."
       PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
    



    This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 14:57:55 PDT