Re: [TCLUG:19184] compromised host netiquette

[Ben Lutgens <ben@sistina.com>]

On Mon, Jun 26, 2000 at 12:02:31PM -0500, Carl Wilhelm Soderstrom wrote:
>>nmap? Are you scanning them? Or do you mean nslookup?
>
>after I noticed it (using ntop), I took a look back at them with nmap
>(couldn't remember nslookup -- didn't have it installed on that
>machine anyway). probably a mediocre idea, I know. 

You could have run a stealth scan -S i think. That may not even show up in the
logs. 

>
>I wrote a polite note about it to admin@wtn.rbm.com; hope I guessed
>the address right. 
>

Yes. I think winnt mail servers have default aliases to admin and
administrator. if it's a linux box you can do root@foo.bar too.


>this type of situation is something that ought to be included in
>various security-HOWTOs. 

Good idea. You could write it up and submit it to the maintainers of said
how-to as a proposal. I am sure the LUG'ers would be glad to submit ideas. I
know I would. 

-- 
Ben Lutgens  Cell: 651.387.9065  Home: 651.703.9541

"I thought Christmas only comes once a year..."
James Bond - The World Is Not Enough
-------------------------------------------------------------------------------­