Hi Steve,

To answer you in short:

First, don't answer him in regards to his threat - this will just signify to him that he's gotten under your skin, and he'll run with it. Just take good notes.

1. To do anything legally, you're going to have to prove where the attack came from. If you have a decent working relationship with your local, state, or federal law enforcement agency and they actually have a clue (I'm lucky - the Anchorage Police Dept has a high-tech crimes unit with some of the brightest computer-cops in the country) give them a call and let them know what's up. Documenting the threat is a decent start. If these conditions don't exist, then don't count on much from LE - but it still won't hurt to try. You'll have to explain stuff to them in plain English, and it'll take a while. Make sure you have good contacts for your upstream providers, so that if you get whacked, you can call them offline and have them block the offending traffic, or even hunt it down. Be sure you can document and articulate actual damages. Give your corp. lawyers a heads-up on what might happen, and then keep them and mgmt. in the loop once it goes down.

2. Yes, you can go kick his ass, but it won't fix anything, and you'll likely end up in jail, and a civil suit thereafter. Even though you'd feel better about things immediately, it's probably not a good long-term solution. (I've been there too, and it sucks not being able to perform some involuntary dental work on pinheads like this. In my case though, the jackass had an expired visa, and was wanted by Australian authorities on some crime, so my buddy the cop called his buddy the INS agent, who deported the badguy. The Australians also got an anonymous tip that the badguy was coming back, so they could throw him a welcome-back party at the airport.) Helps to know the cops.

Oh, and depending on what your company does, the feds may actually care if you get attacked since everyone is so ultra-sensitive now to attacks on our infrastructure.

Just my 0.02 worth. Advice is free, so it's probably worth about that much as well, but I do hope this helps.

Mike Messick
Information Security Architect
Phillips Alaska, Inc.

On Mon, 17 Dec 2001, Steve Nichols wrote:

> We have this yahoo that said if we don't release one of our dns records to
> him he is going to DDos us.
> Then he gave me his business card.
>
> 1. If he does, legally what can we do?
> 2. Can I go and kick his ass?
>
> He has a /15 ( 255.254.0.0 ) ( 2 B's )
> He is leasing the IP's from verio.
> I am going to block the /15
>
>
> Thoughts?
>
> Steve Nichols
> Internet Manager
>
>
> VALLEY INTERNET COMPANY
> 1709 NE 27th Street, Suite C
> McMinnville, Oregon 97128
> 503-565-5030 or 800-909-9078 (toll-free)
> "Pay no attention to the folks behind the curtain..."
> PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private

This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 14:16:04 PST