On Tue, Sep 11, 2001 at 06:47:27PM +0800, Fritz Mesedilla wrote:
> Anyway, I hope you can give me a tracing program. Something that can give
> me an idea who is trying to enter our servers.
> 

Such a program simply does not exist.  You can trace the attacker,
especially if he's stupid (most of them are, fortunately for us), all
the way to the IP address used to launch the attack.  If they're
really dumb they'll be using their own boxes to launch the attack
(this is by no means uncommon), and from there, you can easily figure
out what ISP or organization owns that IP address by doing a whois
query on APNIC, ARIN, or RIPE (usually it would be APNIC).  Visit
their websites (http://www.apnic.net, http://www.arin.net, and
http://www.ripe.net) for the form you need to do it.

From there, you should be able to contact the appropriate authorities
who control that IP and figure out who is trying to enter your servers
from there.  If the attack was launched from a dialup IP of an ISP,
usually there would be caller ID information in the ISP's Radius logs.
If the attack was launched from some server, it is only prudent to
inform the real owners that their box has been compromised.

Frankly, I'm not sure what you can do with the information if and when
you got it.  I've consulted with my company's legal department on this
issue and they've told me that given the present state of cyberlaw,
successfully prosecuting anyone for 'hacking' as defined by RA 8792
(The E-Commerce Act) is a very long shot.  While RA 8792 specifically
admits electronic evidence in a criminal case, *there are still no
rules for dealing with electronic evidence in criminal proceedings*.
The recent rules made by JJ Disini promulgated by the Supreme Court
only apply to civil cases (which conspiracy theorists among us may
whisper might apply to the appealed libel case by his brother against
my boss, but that's another story...).  Cyberlaw addressing this issue
here in the Philippines is woefully inadequate to the task, and in no
country in the world does it seem to be much better.  It's really a
difficult issue...

-- 
Rafael R. Sevilla <[EMAIL PROTECTED]>   +63(2)   8177746 ext. 8311
Programmer, InterdotNet Philippines              +63(917) 4458925
http://dido.engr.internet.org.ph/                OpenPGP Key ID: 0x5CDA17D8
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
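
The lookup described in the message above, as an added example that is not part of the original post: it pulls the source addresses of failed sshd logins out of a log, and asks a registry's whois service on TCP port 43 who holds an address and where abuse reports go. The log lines, the whois record and the function names are constructed for illustration, and the `ReferralServer` line is assumed to be how ARIN points to the registry that actually holds a range.

```python
import re
import socket
from collections import Counter

# Constructed sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Sep 11 18:02:11 web1 sshd[411]: Failed password for root from 203.0.113.45 port 4022 ssh2
Sep 11 18:02:14 web1 sshd[411]: Failed password for root from 203.0.113.45 port 4022 ssh2
Sep 11 18:05:40 web1 sshd[417]: Failed password for invalid user admin from 198.51.100.7 port 3311 ssh2
Sep 11 18:09:02 web1 sshd[420]: Accepted password for alice from 192.0.2.10 port 1029 ssh2
"""
# Constructed whois reply in the RPSL style used by APNIC and RIPE.
SAMPLE_WHOIS = """\
% constructed example record
netname:        EXAMPLE-DIALUP
descr:          Example ISP dialup pool
country:        PH
abuse-mailbox:  abuse@isp.example
"""

# Registry field names (RPSL and ARIN spellings) mapped to one common name.
FIELDS = {"netname": "netname", "descr": "org", "orgname": "org", "country": "country",
          "abuse-mailbox": "abuse", "orgabuseemail": "abuse", "referralserver": "referral"}

def failed_login_sources(log_text):
    """Count failed sshd logins per source address; the greedy .* keeps the last 'from'."""
    pat = re.compile(r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port")
    return Counter(m.group(1) for m in pat.finditer(log_text))

def parse_whois(text):
    """Pull owner and abuse-contact fields out of a whois reply (first value wins)."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        name = FIELDS.get(key.strip().lower())
        if sep and name and value.strip():
            out.setdefault(name, value.strip())
    return out

def whois(ip, server="whois.arin.net", hops=2):
    """Query a registry on TCP port 43 and follow a referral to another registry."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(ip.encode() + b"\r\n")
        reply = b"".join(iter(lambda: s.recv(4096), b"")).decode("utf-8", "replace")
    info = parse_whois(reply)
    m = re.match(r"whois://([^:/\s]+)", info.get("referral", ""))
    if m and hops > 0 and m.group(1) != server:
        return whois(ip, m.group(1), hops - 1)
    return info
```

Calling `whois(ip)` needs network access; the parser and the log scan run offline against the constructed samples.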