Security Basics mailing list archives

Re: FTP hack of two web sites

From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Sat, 25 Mar 2006 00:07:30 -0500

backdropman1 () yahoo com wrote:

Seeking any advice on what to do or how to proceed on an FTP attack which left me the IP address of the hacker in my 
Logs?
So far I have given the IP address to their ISP but I have no idea what if anything the ISP did.
It would fall under one of these sections od 18 USC

Contact your local law enforcement and, perhaps, the local office of theFBI, if management wishes to pursue that angle (this should have beendecided a long time ago, when your incident response plans werecreated). I'll also assume you haven't "tainted" the evidence so muchthat it'd get thrown out in court.

18usc1030

This seems to be the most common, assuming the feds take the case.Otherwise, it's subject to your local/state laws.


--
Jeremy L. Gaddis
GCWN, MCP, Linux+, Network+
http://www.jeremygaddis.com/

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE

The Norwich University program offers unparalleled Infosec managementeducation and the case study affords you unmatched consulting experience.Tailor your education to your own professional goals with degreecustomizations including Emergency Management, Business Continuity Planning,Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

FTP hack of two web sites backdropman1 (Mar 24)
- Re: FTP hack of two web sites Gaddis, Jeremy L. (Mar 27)
- <Possible follow-ups>
- RE: FTP hack of two web sites Roger A. Grimes (Mar 27)