Firewall Wizards mailing list archives

Re: Response to door knocking

From: Damir Rajnovic <Damir.Rajnovic () eurocert net>
Date: Wed, 3 Feb 1999 21:00:02 +0100

Hello there,

At 3:35 +0100 3/2/99, Robert Graham wrote:

other sites. Thus, if I don't take "reasonable" measures against
hackers, I can be sued. Consider a scenario where an unknown hacker
broke into my site, then used it as a stepping stone to attack VICTIM.
Now, the hacker remains unknown and the VICTIM is suing me. Gosh,
wound't it have been nice to have gathered additional information that
my forensics team and the police could have used to track down the
hacker?


If someone was using your machine without your knowledge you should
be innocent.

You may collect that information but will they be valid in the court?

I am not policeman but I don't really see how knowledge what operating
system attacker is using may help investigation? I think that they are
more concerned with what damage was done and what intentions attacker
had than does (s)he is using OS/2, Windows or FreeBSD OS.

first. Furthermore, I think I'd appreciate that extra little bit of
information from all those script-kiddies out there (because in
practice, I will likely get useful info). But of course, the reason I


There is an easier way to see what OS was used - download exploits
from rootshell and see for which OS they are written. You'll probably
see that most of them are written for <some OS>. Consequently, your
average script-kiddie is using <some OS>. Anyone wish to undertake
that exercise?

Cheers,

Gaus

==========
EuroCERT is operating incident co-ordination role for the European IRT
community. In that sense we would appreciate being included on the "Cc:"
line of any messages you may send to other sites regarding intruder
activity as long as, at least one site is European.  Alternatively you
may send message direct to us and we will try to locate appropriate
contact within Europe or abroad.
==========

---------------------------------------------------------------
EuroCERT                                tel: (+44 1235) 822 382
c/o UKERNA                              fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK

Current thread:

Re: Response to door knocking Ulrich Flegel (Feb 01)
- <Possible follow-ups>
- Re: Response to door knocking Robert Graham (Feb 01)
  - Re: Response to door knocking Paul D. Robertson (Feb 01)
- Re: Response to door knocking Paul D. Robertson (Feb 01)
  - Re: Response to door knocking Amos Hayes (Feb 03)
    - Re: Response to door knocking Chris Cappuccio (Feb 04)
    - Re: Response to door knocking Paul D. Robertson (Feb 04)
- Re: Response to door knocking Damir Rajnovic (Feb 02)
- Re: Response to door knocking Robert Graham (Feb 03)
  - Re: Response to door knocking Damir Rajnovic (Feb 04)
  - Re: Response to door knocking Paul D. Robertson (Feb 04)
- RE: Response to door knocking Webb, Andy (Feb 04)
- Re: Response to door knocking John McDermott (Feb 06)
  - Re: Response to door knocking Joseph S D Yao (Feb 08)
- Re: Response to door knocking JohnLNick (Feb 08)