Steven,
You are right to ask for logs in any case as the compromised system
could be attacking anyone. To your point of whether or not you are
around to get the email, if you can't get email, can you turn off a
network connection?
Kris
___________________________________________
Kris Quinby, CISSP
Systems Engineer - Data Center Operations
GE Medical Systems Information Technologies
Email: kris.quinby@private
Phone: 503-531-7190
Fax: 503-531-7001
-----Original Message-----
From: Steve Nichols [mailto:steven@private]
Sent: Thursday, September 12, 2002 9:56 AM
To: Owner-Crime
Subject: CRIME User/employment verification
Last night one of our T1 customers had his WUFtp hacked.
I received a call from a guy that said he was with the NSA, and that the
compromised system was attacking them.
He actually called my cell. Which is a private, unlisted number..
My question.
Is there a way to verify that an individual actually works for the
government.
Can I ask for a badge ID and call a number to verify employment?
I would hate to suspend a T1 customer's data due to a sour ex-employee,
impersonating an employee of the government.
I ended up asking him to email me the log. Which works, but in the off
chance that I'm not around to receive email......
Thanks for any info.
Steven Nichols
Network and Systems Administrator
Internet and NOC Manager
VALLEY INTERNET COMPANY
1709 NE 27th Street, Suite C
McMinnville, Oregon 97128
503-565-5030 or 800-909-9078 (toll-free)
"Pay no attention to the folks behind the curtain..."
PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 14:59:47 PDT