Harald Santen, van wrote:
>
> I was hoping that after your closing statement you would fill us in on how you'd get
> the cops to spend time on this. I have never gotten them to move on any suspicious
> activity until I could show considerable damages to our systems, resources or
> corporate image (by unveiling information in a damaging way).
>
I've had my home machine hacked a couple of times. It's
effectively a bait machine, but I do serve up some web
pages from it. In the first case the hacking was coming
from a military machine. I received prompt response to
the notice email, and eventually transferred backups of the
damages to them. In the second case, the hacking was
coming from an ISP's machine. They tracked the hacker back
to somewhere else and also notified the FBI. I eventually
sent my log copies and backups of the damage on to the FBI.
I haven't heard anything additional on either case.
In neither case were any significant damages done. Cleanup
for both took about half an hour total. (Have you got
them backups? Have you practiced a recovery on your systems?)
The second one prompted me to go to OpenBSD for my web server
machine's OS.
I haven't initiated contact with authorities yet, but have
cooperated with what looked to be ongoing investigations.
The letters I send are worded with a for-your-information
emphasis and are politely worded. I also
include some URLs to security related sites.
Bryan Andersen wrote:
> My personal opinion is that bait machines are there for crackers
> to trip over and reveal themselves. Once you've spotted them,
> let the cops follow them to the real systems that they are breaking
> into.
--
| Bryan Andersen | [EMAIL PROTECTED] | http://softail.visi.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |