I encountered a similar situation a while back. I was being attacked by a NIMDA machine so I thought I would dig around a bit further.
A LANguard scan revealed that terminal server was open and that it had a username Administrator, password BLANK! I logged in and changed that straight away, almost certainly committing an offence by doing that. I tried desperately to contact the domain owners, using sources such as register.com to find the owners, and RIPE etc. to find who owned the address space. I finally got through to someone who said the owners of that machine had gone bankrupt, so now I was in possession of a decent (4x833MHz Xeons, 2048MB of RAM, and around 80GB of disk space) machine which no one wanted responsibility for.

The machine was in a three-machine workgroup with two other compromised machines. I set up a scheduled task to do a "net send *** YOUR MACHINES ARE COMPROMISED FOR MORE INFO CONTACT [EMAIL PROTECTED]". Thus far I have had no response. But the machine was also being used to host around 50GB of MP3s and porn, by whoever had compromised it. I removed what I could, after taking snapshots of the system, and various logs from the server. I then closed down the NIMDA virus, disabled the compromised accounts, and sent an email to the registered owners of the domain, asking them to contact me. Still no word...

Basically, I took a very big risk, one which I would not recommend anyone else taking, that the "MEN IN BLACK" would not come knocking. So far they have not... I did the owners of this machine a "favour" by shutting it off, so it could no longer be of harm to other internet users, so my conscience is clear. I don't know how that would stand up in court, but I do have plenty of evidence to back up my case.

Anyway, must go, someone at the door...

JM

> -----Original Message-----
> From: Brian Gibson [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, February 26, 2002 3:21 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: A question on the law.
>
> NOPE, hide your identity. Use a payphone, drop your ANI. Go through a few
> PBXs. If you choose to notify. Make it hard for them to find you.
>
> Brian
>
> >If one were to find, say, 44 networks in one night while war driving, and
> >with NetStumbler and Windows, is able to jump on those networks using
> >those networks' bandwidth free of charge, is there a way LEGALLY to tell
> >these people how bad the security is without getting shot? I don't want
> >to go to jail, I don't want to be called a terrorist, I just want to tune
> >these people into a clue...?
> >
> >I know WEP is weak, it was only supposed to be as "secure" as an unsecured
> >ethernet cable, but at least it keeps casual drive-by hacking at bay!