Steve,
I think you missed my point. I was simply suggesting that the attack
need not be directed at a government agency to get a similar call. You
still need some verification that the attack is real and not the pissed
off ex-employee you used in your example.
My point about the email is, if you don't have the connectivity to read
email, do you have the connectivity to shut off a connection? Not the
justification, simply the ability. I think asking for a log to A)
verify the problem exists and B) to some extent verify the authenticity
of the call.
Kris
___________________________________________
Kris Quinby, CISSP
Systems Engineer - Data Center Operations
GE Medical Systems Information Technologies
Email: kris.quinby@private
Phone: 503-531-7190
Fax: 503-531-7001
-----Original Message-----
From: Steve Nichols [mailto:steven@private]
Sent: Thursday, September 12, 2002 2:13 PM
To: Quinby, Kris (MED); 'Owner-Crime'
Subject: RE: CRIME User/employment verification
Yeah, I could but we blow our SLA.
We have a policy in place that states if you are hacked we have the
right to shut off the connection, but this is a HUGE customer...
We would risk losing the contract.
I ended up writing an acl to block the outbound traffic from that
specific IP, allowing all other.
Steven Nichols
Network and Systems Administrator
Internet and NOC Manager
VALLEY INTERNET COMPANY
1709 NE 27th Street, Suite C
McMinnville, Oregon 97128
503-565-5030 or 800-909-9078 (toll-free)
"Pay no attention to the folks behind the curtain..."
PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
-----Original Message-----
From: Quinby, Kris (MED) [mailto:kris.quinby@private]
Sent: Thursday, September 12, 2002 14:07
To: 'steven@private'; Owner-Crime
Subject: RE: CRIME User/employment verification
Steven,
You are right to ask for logs in any case as the compromised system
could be attacking anyone. To your point of whether or not you are
around to get the email, if you can't get email, can you turn off a
network connection?
Kris
-----Original Message-----
From: Steve Nichols [mailto:steven@private]
Sent: Thursday, September 12, 2002 9:56 AM
To: Owner-Crime
Subject: CRIME User/employment verification
Last night one of our T1 customers had his WUFtp hacked.
I received a call from a guy that said he was with the NSA, and that the
compromised system was attacking them. He actually called my cell. Which
is a private, unlisted number.
My question.
Is there a way to verify that an individual actually works for the
government? Can I ask for a badge ID and call a number to verify
employment? I would hate to suspend a T1 customer's data due to a sour
ex-employee, impersonating an employee of the government.
I ended up asking him to email me the log. Which works, but in the off
chance that I'm not around to receive email...
Thanks for any info.
Steven Nichols
This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 15:01:49 PDT