Outstanding!

I received many replies to my post, and they all agreed with what I
did. I'm composing the mail to the offender's likely ISP now. Thanks
everyone for your swift reply! At this time, the offender appears to still
be connected to his ISP.

I suppose the proper reaction would be to:

1. Perform a traceroute to establish the last hop before the offender.
2. Perform a reverse lookup on this node expecting to yield an ISP or some
other form of connection.
3. Run a whois on the results to obtain information on the node.
4. Use this info to contact the appropriate authorities.

If anyone can add to this, please do! I would love to write a standard set
of "reaction rules" to this type of intrusion (or attempted intrusion).

Very Respectfully,
Michael E. Cummins
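
Steps 1 to 3 of the list above as a small script, added here as an example and not part of the original message. The function names are hypothetical, and every address, host name and mailbox in the sample data is constructed.

```sh
#!/bin/sh
# Added example: steps 1-3 as filters over traceroute and whois output.
# All addresses, host names and the abuse mailbox below are constructed samples.

# Step 1: read traceroute output on stdin and print the last responding hop
# that is not the target itself. Hops that did not answer ("* * *") are skipped.
last_hop_before() {
  awk -v target="$1" '
    $1 ~ /^[0-9]+$/ {
      ip = ""
      if (match($0, /\([0-9.]+\)/)) ip = substr($0, RSTART + 1, RLENGTH - 2)
      else if ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = $2   # traceroute -n
      if (ip == "") next
      if (ip == target) exit
      hop = ip
    }
    END { if (hop != "") print hop }'
}

# Step 3: read whois output on stdin and print the abuse mailboxes it names
# (for example OrgAbuseEmail or abuse-mailbox lines), one per line.
abuse_contacts() {
  grep -i 'abuse' | grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+' | sort -u
}

SAMPLE_TRACE='traceroute to 192.0.2.77 (192.0.2.77), 30 hops max, 60 byte packets
 1  gw.example.net (198.51.100.1)  1.1 ms  1.0 ms  1.0 ms
 2  * * *
 3  core1.isp.example (203.0.113.9)  12.4 ms  12.1 ms  12.0 ms
 4  dialup-77.isp.example (192.0.2.77)  40.2 ms  39.8 ms  41.0 ms'

SAMPLE_WHOIS='NetRange:       203.0.113.0 - 203.0.113.255
OrgName:        Example ISP
OrgAbuseEmail:  abuse@isp.example
OrgTechEmail:   noc@isp.example'

# Live use: sh report.sh <source-address>   (needs traceroute, dig and whois)
if [ "$#" -gt 0 ]; then
  hop=$(traceroute "$1" | last_hop_before "$1")
  [ -n "$hop" ] || { echo "no responding hop before $1" >&2; exit 1; }
  echo "last hop before $1: $hop"
  echo "reverse lookup (step 2): $(dig +short -x "$hop")"
  echo "abuse contacts from whois:"
  whois "$hop" | abuse_contacts
fi
```

Save the raw traceroute and whois output with a timestamp next to the firewall log entries, so the report to the ISP carries the evidence it was built from.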