Re: compromised network - followups

[Harlan Carvey <keydet89 () yahoo com>]

> we justified $5K of damages and the fbi was involved
> faster than you can blink ...

That's great.  I'm speaking from my experience in the
Northern VA area, as well as talking to members of FBI
and NIPC.  

> yyp .... reinstalll is the worst possible thing to
> do ...
>       ==
>       == get a security dude involved if you want to
> catch the crackers
>       ==

You're going to need the right kind of security dude.

> > 1.  I hate to be blunt about this, but if you
> don't know what you're doing, why are you doing it?
>
> comment...
> sometimes people learn how to do things by mmaking
> mistakes ???

That wasn't my point.  My point is that why is the
original poster sniffing network traffic when they
have no idea what they're doing?  No one ever said it
was a mistake.

> - at least the original poster was willing to say he
> was "cracked" 

Of course they did...they seem to want some sort of
assistance.
 
>       - and fed law ( in the usa ) states that the
> cracked entity must disclose
>       to all their clients of said activity and resulting
> activities they did
>       and any lost personal info .. etc..etc..etc... 

Which federal law is that?  I'm familiar with
California's SB 1386, but that law only requires
disclosure if sensitive information...SSN, credit card
number, etc...is compromised.  There's no indication
in this particular incident that such a thing
occurred.
 
> === reinstalling a cracked server is the worst
> things to do
> === restoring from backups is the 2nd worst possible
> things to do 
>       - and depending on the number of machines you have,
> that can take
>       months or years to properly clean up the (insecure)
> network 

I would agree...but only to a point.  Reinstalling
without knowing how things got broken is a bad idea.  

Harlan


---------------------------------------------------------------------------
----------------------------------------------------------------------------