Security Basics mailing list archives
Re: compromised network - followups
From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 31 Dec 2003 13:40:29 -0800 (PST)
> we justified $5K of damages and the fbi was involved faster than you can blink ...
That's great. I'm speaking from my experience in the Northern VA area, as well as talking to members of FBI and NIPC.
> yyp .... reinstall is the worst possible thing to do ... == == get a security dude involved if you want to catch the crackers ==
You're going to need the right kind of security dude.
>> 1. I hate to be blunt about this, but if you don't know what you're doing, why are you doing it?
> comment... sometimes people learn how to do things by making mistakes ???
That wasn't my point. My point is that why is the original poster sniffing network traffic when they have no idea what they're doing? No one ever said it was a mistake.
> - at least the original poster was willing to say he was "cracked"
Of course they did...they seem to want some sort of assistance.
> - and fed law ( in the usa ) states that the cracked entity must disclose to all their clients of said activity and resulting activities they did and any lost personal info .. etc..etc..etc...
Which federal law is that? I'm familiar with California's SB 1386, but that law only requires disclosure if sensitive information...SSN, credit card number, etc...is compromised. There's no indication in this particular incident that such a thing occurred.
> === reinstalling a cracked server is the worst thing to do === restoring from backups is the 2nd worst possible thing to do - and depending on the number of machines you have, that can take months or years to properly clean up the (insecure) network
I would agree...but only to a point. Reinstalling without knowing how things got broken is a bad idea.

Harlan