Couldn't you contact the user before hand?
Scenario:
I call my user from whos account I see some suspicous activity. "Hey,
there has been some strange stuff going on with your name on it. You may
have been hacked, we need to change your password and maybe even the
login". Now, if this is your hacker, my guess is he/she will think, "Holy
crap, they are watching me. I'll change my password and quit what I'm
doing before I get into trouble!". If the account was comprimised, my
guess is Joe Hacker assumed the user has changed his/her password for some
reason and either a: [stupid hacker] hack the new password and continue
as he/she was doing and then we can log everything he/she does and
possibly catch them or b: [smart hacker] he/she goes away suspecting the
password was changed because the user might think he/she has been hacked.
Thoughts on this?
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Tue, 20 Jul 1999, Jason wrote:
> At 11:59 AM 7/20/99 -0400, you wrote:
> >Just to side-track this thread a little - I just received a call from
> >someone in California, who said that one of our local dialup Internet
> >customers was hacking his system! We determined who the customer was, but
> >the problem is, what should our next step be? There are no local laws
>
> What information did he give you to verify that it was indeed a
> hack attempt ?
>
> >regarding hacking. Simply disabling the dialup account might open ourselves
> >up to a lawsuit from the customer, particularly as we are the only providers
> >of Internet service on the island (Grenada, West Indies).
>
> You can cancel the account and wait till the customer calls. And
> explain to the customer that because of abuse of your company's policy that
> his account has been canceled.
>
> - Jason
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
