Security Incidents mailing list archives

How to stop a consistent cracker.

From: Yotam Rubin <yotam () makif omer k12 il>
Date: Sat, 9 Jun 2001 23:39:25 +0300

Greetings,

        I have recently had the displeasure of reporting approximately 6
security incidents to various .edu's. The contacted .edu's have been
compromised by by one ^0wn^, a paradigmic script kiddie. His recent victims
include (I do not maintain a full account of actions) 
humphrey.ocean.washington.edu, news.waterford.org, ns0.street.tv, SIDHE.MIT.EDU,
rahul.engr.CSUFresno.EDU and auction2.csc.ncsu.edu. This must come to an end.
The problem is that none of the contacts were willing to pursue the matter
legally, I advised everyone *NOT* to remove the compromised box. Some replied
and tried to explain their motives, and some simply ignored me and removed
the host (A good example for this is the admin of humphrey.ocean.washington.edu)
How can one stop this malicious user? Is it even possible when nobody is 
willing to cooperate? Even while writing this letter, this guy is DoS'ing me 
from 152.15.21.19. 

        Regards, Yotam Rubin

Current thread:

How to stop a consistent cracker. Yotam Rubin (Jun 09)
- Re: How to stop a consistent cracker. Norbert Bollow (Jun 10)
- Re: How to stop a consistent cracker. Chris Ess (Jun 10)
- <Possible follow-ups>
- RE: How to stop a consistent cracker. Andrew van der Stock (Jun 12)