I'd suggest contacting the sysadmin (NOT the management) at the remote site.
Generally speaking, sysadmins are not keen about their "homes" being used in
ways not of their choosing. Likewise, sysadmins are pretty open to talking
w/ other sysadmins. If you provide him/her a copy of the script, and any
log info you can, they may happily take up the cause of tracking the twit
down from there. If the sysadmin blows you off, either they don't care
about their system (not likely) or perhaps they know who's using it and are
covering for them (I have seen this). If this route hits a dead end you can
always turn to lawyers.
-Larry
-----Original Message-----
From: Willard Flagg [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 1:56 PM
To: Kenneth E. Lussier
Cc: [EMAIL PROTECTED]
Subject: Re: Heads up for named?
On Tue, 20 Feb 2001, Kenneth E. Lussier wrote:
> As much as I distrust them, I would contact the FBI about that.
There is
> a very good chance that the system they tried to pull the rootkit
from
> had already been compromised, and the person responsible for that
system
> is completely unaware of the problem. If you sic the lawyers on
them
> first, they may be less likely to cooperate in trying to track the
real
> perpetrator down. The FBI can at least coerce cooperation and
track the
> person back to the originating machine.
>
> Just my $0.001,
> Kenny
If the FBI had actually taken this as a case I wonder just when you
might
expect to get your nameserver back from their evidence locker. Years
I
would guess. Doesn't seem like much of a plan to me. :)
Will Flagg
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
