I was recently informed by one of my many users that apparently there was someone using MY server to DoS and attempt brute force attempts against another company’s services.
Any systems admin would take this to be a serious offense and of course would call to action the many tools we have to find the culprit and put a stop to it.
So, I went about setting up firewall rules to trap the traffic and doing TCP/IP and UDP sniffs on the server looking for anything going to the aforementioned IP block.
What I found was amazing... wanna know what it was? NOTHING!
The person making these claims has no proof and is blowing smoke up my ass. That, to me, is low. Look, if you have a problem with someone who uses my services, that’s fine. But when you drag my reputation through the mud, you better have proof of said abuse. However, from what I’m told, you “had the logs” but you “deleted them.” What administrator in their right mind goes on and on for weeks at a time about someone abusing services but deletes the logs? I have an answer: a stupid one. Or for lighter terms, ignorant.
Next time, be sure who you are dealing with doesn’t have the ability to make you look like a dumbass. If it happens again, the carrier of the said ignorant/idiot soul’s services will be contacted and he can explain to them why it is that he has no logs of the said dastardly deed and why he can’t show proof.
Oh, I’m sure he has proof. Proof that he forged.
Next tool please…