nanog mailing list archives

Tracking cracker, help?
From: dlr () bungi com (Dave Rand)
Date: Mon, 28 Jul 1997 22:42:49 PDT

I'm tracking down an individual that has attacked both my personal site, as
well as one of my customers' sites.  In this particular attempt, when his
'normal' site was blocked by IP address, he immediately started to use
dial-up sites all over his local area, then ranged further into the US.

On my system, he had installed a password sniffer.  I suspect that this was
a common mode of operation for him.

Naturally, I logged all of the attempts at the router level.  I emailed the
logs to the origin ISPs, and (with one notable exception) was met with huge
indifference.  In the queries, I am asking only for a confirm/deny of the
user's name - I am not asking the ISPs involved to release the name of the
dialup users.  That, of course, will come later.  Right now, I'm just trying
to confirm that the same individual is launching the attacks.

A police report has been filed, and a restraining order will be served
tomorrow.

What's a better way to ask for, and obtain log information in a timely
fashion?  Wait 6 months for a court trial, when everyone has purged their
logs?

Clues would be appreciated.

-- 
Dave Rand
dlr () bungi com
http://www.bungi.com

