CR worm infection attempts
John (EBo) David
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 10 Aug 2001 22:19:25 -0700
Kim Allen wrote:
>
> I've been contacting the sites that my server logs shows that have been
> hitting me with the code red signature and so far no one has bothered to
> respond except for one. However that site has told me how secure they are
> and how there is no way that they have any problems. When I sent them the
> portions of my server logs showing they do have problem they threaten
> legal action. Anyone else have had this type of response?
did you send them the server logs only or did you try telnetting to teir
port. As long as you did not try to gain access to their machine they
should not have a legal leg to stand on -- *you* are the one being
hacked and the finger points to them. I would tell them that if anyone
is going to sue anyone it will be you sueing them to get them to cleam
up their act. Theirs was a totally inappropriate response...
My guess is that you talked to the sysadmin and they are under threat of
termination if the system becomes infected. I know of several sysadmin
positions that have that as a contract clause. I would be tempted to do
the following: contact the president/owner of the company and tell them
about your warm reception and explain that you did not want to make a
fuss you were informing them that your server is being attacked from
*their* machines, and if they are going to make threats then you would
be most happy to make a formal report/complaint to the special task
force in Arizona which deals with internet hacking, virus's and worms...
EBo --