RE: hacked server, DDoS bin installed -- To put it another way...

This also depends on the customer and what the server either housed (i.e.
Database of account - credit card #) or it's use(s) (i.e. Web Server with
Websites, web access points, portals, or web mail services) as to what
action(s) to take. The advice earlier given is perfect and should be
followed (document everything) but to add, if the possibility of identity
theft exists they should, as well, notify there customers and/or users to
let them know and take appropriate actions.

--- Rich

-----Original Message-----
From: Ron [mailto:iago@valhallalegends.com] 
Sent: Thursday, December 08, 2005 12:33 PM
Cc: incidents@securityfocus.com
Subject: Re: hacked server, DDoS bin installed -- To put it another way...

A similar question: let's say you stumble upon a DDoS net.  Say, a 
friend leads you there, or you find a server that has 1000 random names 
logged in.  Is it possible to report the server, even though you haven't 
been infected, and if so, how?

naptime@gmail.com wrote:
> a customers server got hacked.. binary in tact, seems like they were
DDoSing.. strings brings up the irc server, channel name, key.. where is the
fbi address where i can send this information to?
> thanks