Re: I got an intruder

Daniel Guy (guyd@actcom.co.il)
Thu, 9 Nov 1995 22:07:41 +0200 (EET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mark_W_Loveless@smtp.bnr.com: "Re: I got an intruder ..."
Previous message: Stephen O. Berger: "Good logging and real-time alert tools ?"
In reply to: MICHAEL S. HINES: "Re: I got an intruder ..."
Next in thread: Porkchop: "Re: I got an intruder ..."

[SNIP] 
> Prosecute, prosecute, prosecute - but of course you may have to get 
> the laws changed to make intrusion an illegal act first of all.  And 
> if the intruder is from across the pond (either way) you've got an 
> International indicent to deal with.   CERT (the Computer Emergency 
> Response Team) can be of assistance (esp. if the intruder you 
> detected happens to part of a larger organized attack).  The FBI is 
> the agency in the USA which is the contact for InterPol, if you have 
> an international incident..   

> > I suggest to find the place where the intruder work, ask the
> > company *nicely* to fire the guy, then kill his dog and burn the house :)

> I'd also sugget they sever all his computer accounts, and Internet 
> access.   Of course, he/she can go down the street to any ISP (Internet 
> Service Provider) and continue his/her games and tricks.   

I think we're getting a little rash here, alot of cracker activity comes 
from bogus or hijacked accounts, prosecuting away without running a full 
investigation first would be foolish and could get a decent user behind 
bars, in addition, before you run to prosecute a teenager, think if he'd 
really done some damage.. <I know saying this might make me a 
flame-bait but it's been to long since my last flame ;) >  is it worthy 
to put a 17 years old kid for 5yrs if all he did was being curious 
without causing any damage?
Again, determining who the attacker *really* is is hell on a university 
or an ISP site where the users allow themselves poor passwords, sharing 
accounts etc., use caution before naming the culprit

> Getting cooperation from the other guy's employer is a whole different matter.
> Maybe, he's being paid to examine your work.  Then what?   

> The best offense if a good defense - keep them out in the first 
> place, and hide (encrypt) business mission critical information.   
No, if you have really important things keeyp themm off the internet, 
encryption can be broken, it is sufficient if a cracker hears of a bug 
before you do to get all your machines compromised 
__
St. Viper the one who doesn't sleep O:-)
**guyd@actcom.co.il**

Next message: Mark_W_Loveless@smtp.bnr.com: "Re: I got an intruder ..."
Previous message: Stephen O. Berger: "Good logging and real-time alert tools ?"
In reply to: MICHAEL S. HINES: "Re: I got an intruder ..."
Next in thread: Porkchop: "Re: I got an intruder ..."