Security Basics mailing list archives
Re: FTP hack of two web sites
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Sat, 25 Mar 2006 00:07:30 -0500
backdropman1 () yahoo com wrote:
Seeking any advice on what to do or how to proceed on an FTP attack which left me the IP address of the hacker in my Logs? So far I have given the IP address to their ISP but I have no idea what if anything the ISP did. It would fall under one of these sections od 18 USC
Contact your local law enforcement and, perhaps, the local office of the FBI, if management wishes to pursue that angle (this should have been decided a long time ago, when your incident response plans were created). I'll also assume you haven't "tainted" the evidence so much that it'd get thrown out in court.
18usc1030
This seems to be the most common, assuming the feds take the case. Otherwise, it's subject to your local/state laws.
-- Jeremy L. Gaddis GCWN, MCP, Linux+, Network+ http://www.jeremygaddis.com/ --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- FTP hack of two web sites backdropman1 (Mar 24)
- Re: FTP hack of two web sites Gaddis, Jeremy L. (Mar 27)
- <Possible follow-ups>
- RE: FTP hack of two web sites Roger A. Grimes (Mar 27)