Your listed casualties: > humphrey.ocean.washington.edu > news.waterford.org > ns0.street.tv > sidhe.mit.edu > rahul.engr.csufresno.edu > auction2.csc.ncsu.edu How do you know that's he hit these machines? Do you have any particular proof? I am very interested in this matter since one of the hosts you have listed is within the computer science department of NC State University, where I have many friends and many contacts. On Sat, 9 Jun 2001, Yotam Rubin wrote: > The problem is that none of the contacts were willing to pursue the matter > legally, I advised everyone *NOT* to remove the compromised box. So all of the hosts have been removed? How have these hosts been compromised? I see nothing out of the ordinary on an nmap but admittedly don't know what to look for. Both the NCSU box and the UNCC box (152.15.21.19) run Solaris though and I'm not up on my Solaris vulnerabilities/exploits. > How can one stop this malicious user? Is it even possible when nobody is > willing to cooperate? Even while writing this letter, this guy is DoS'ing me > from 152.15.21.19. This IP belongs to vertigo.uncc.edu, a machine with UNC-Charlotte. Since it's a Saturday, I could not contact the UNC-Charlotte IT department to contact them regarding this. If you'd like a number to call on Monday, which is most likely the next time they will be reachable, try (704) 687-4285. Also, you might try sending an e-mail to hostmasterat_private, but I don't think it will do much good, but it's the only contact address I can come up with from a cursory glance. Keep logs of what is happening to you because you may need it to force the UNCC admins into action. I wish you luck. --CAE Kujikenaikara! Sub caelo noctis sto quod stellae mihi spem dant. "Just a whisper. I hear it in my ghost." --Major Matoko Kusanagi, "Ghost in the Shell"
This archive was generated by hypermail 2b30 : Sun Jun 10 2001 - 08:09:22 PDT