Full Disclosure mailing list archives
Re: How we caught an Identity Thief
From: Babak Pasdar <bpasdar () igxglobal com>
Date: Mon, 20 Feb 2006 09:15:12 -0500
Dear Barry,

I can appreciate your point below. Yes, you are correct in that these commands only take a few minutes to run. However, please consider the scenario presented:

1. I had to get back to our office from the client site, over an hour away :) Laws of physics, and New York City traffic, apply no matter what.

2. The client's or a security company's network is not the best source for scanning and investigation activities, lest you have someone who looks for these early signs of the investigation. Scans have to be alternately sourced.

3. Running a few commands is by no means an indication of a fully packaged and verified set of information. A forensics case has to be started, fully documenting all actions and times for possible future reference in legal proceedings. Rushing through something like this and not following procedure is the first step to being caught with your pants down later.

Thank you for your response, Barry.

Babak

On Mon, 2006-02-20 at 13:53 +0000, Barrie Dempster wrote:
> From the article linked:
>
> > 1. The domain name
> > 2. Who registered it
> > 3. Who was serving DNS for it
> > 4. The IP address of the web site
> > 5. The Service Provider for the IP address
> > 6. The OS of the host
> > 7. The Web Server
> > 8. Some general information about the application the site was using
> >
> > Within hours we had collected all of the above information. It was my recommendation to the client that we contact the FBI at this point.
>
> It took you "hours" to run nmap/dig/whois? Not a very good advertisement of your talents, which the post seemed to be attempting. Even giving you the benefit of the doubt and assuming the phishers employed basic obfuscation of the host (which I would doubt, as usually it's someone else's machine anyway), hours is a seriously long time to run a few basic commands.
Attachment:
signature.asc
Description: This is a digitally signed message part
_________________________________ igxglobal utilizes state of the art technology from PGP to ensure the safeguard of all electronic correspondences. This message could have been secured by PGP Universal. To secure future messages from this sender, please click this link and contact your representative at igxglobal for further information: https://keys.igxglobal.com/b/b.e?r=full-disclosure%40lists.grok.org.uk&n=4Njq7juzEf1Yn9MHjRn9Ow%3D%3D
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
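As an added example that is not part of this thread or either poster's own work: a POSIX shell wrapper that runs the basic lookups Barrie names (whois, dig, nmap) the way Babak's third point asks for, recording for every command a UTC timestamp, the exact command line, its exit status and a SHA-256 of the captured output in an append-only case log, so the collection timeline can later be reproduced and checked. The case directory layout, the output file names, the dig/nmap flags and the names run_logged, collect_recon and log_lines are all assumptions of this example; any tool that is not installed is skipped rather than aborting the run.

```shell
#!/bin/sh
# Evidence-logged reconnaissance wrapper (added example, not from the thread).
# Every command goes through run_logged, which stores its output under the
# case directory and appends one tab-separated line to actions.log:
#   <utc start>  <label>  status=<rc>  sha256=<digest of output>  cmd=<argv>

CASE_DIR="${CASE_DIR:-./case-$(date -u +%Y%m%dT%H%M%SZ)}"   # assumed layout
LOG="$CASE_DIR/actions.log"

sha256_of() {
    # Portable SHA-256 of a file: sha256sum on Linux, shasum on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

run_logged() {
    # $1 = short label used for the output file name; remaining args = command.
    # Returns the command's own exit status so callers can still react to it.
    label="$1"; shift
    mkdir -p "$CASE_DIR"
    out="$CASE_DIR/$label.txt"
    start="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    # Capture stdout and stderr together; run inside 'if' so a failing tool
    # does not abort the whole collection when the caller uses 'set -e'.
    if "$@" >"$out" 2>&1; then
        status=0
    else
        status=$?
    fi
    digest="$(sha256_of "$out")"
    printf '%s\t%s\tstatus=%s\tsha256=%s\tcmd=%s\n' \
        "$start" "$label" "$status" "$digest" "$*" >>"$LOG"
    return "$status"
}

collect_recon() {
    # Runs the lookups named in the thread against one hostname, skipping any
    # tool that is not installed, and prints the path of the action log.
    target="$1"
    for tool in whois dig nmap; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf 'skip: %s not installed\n' "$tool" >&2
            continue
        fi
        case "$tool" in
            whois) run_logged whois whois "$target" || true ;;
            dig)   run_logged dig dig +noall +answer "$target" A NS MX || true ;;
            # -O (OS detection) needs root; without it nmap still logs -sV data.
            nmap)  run_logged nmap nmap -sV -O "$target" || true ;;
        esac
    done
    printf '%s\n' "$LOG"
}

log_lines() {
    # Number of actions recorded so far (one line per run_logged call).
    wc -l <"$LOG" | tr -d ' '
}

# Usage: sh recon.sh phishing-host.example   (hostname is an assumed placeholder)
if [ $# -gt 0 ]; then
    collect_recon "$1"
fi
```

Because the digest is taken over the stored output file, the log line and the file can be checked against each other afterwards; the log itself should then be copied off the collection host and timestamped by a second party, which this example does not do.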
Current thread:
- How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Valdis . Kletnieks (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Valdis . Kletnieks (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)