Firewall Wizards mailing list archives
Re: Security Incident
From: Michael Erskine <osiris () urbanna net>
Date: Wed, 22 Mar 2000 11:35:15 -0500 (EST)
You have all you need to have him prosecuted. Do us all a big favor, prosecute. On Fri, 17 Mar 2000, Robert Driscoll wrote:
Howdy Wizards, I wanted to collect an opinion from the members of this group. Recently one of the offices in my company had a security break in on their internet router. The culprit signed onto the router for the office and reconfigured it. From the logs we know where the ip address of the person that telnet'd into the router (unless of course it was spoofed). Through NSLOOKUP we were able to find out the owner of the source address, and as it happens that company recently hired an ex-employee of ours. I also found out that that ex-employee had the password for the router. The office manager is looking to see what means of prosecution we have available. My suggestion was the following: 1) Log an incident report with CERT. 2) Notify the network manager of the source address that we suspect thier equipment was used for malicious purposes. 3) The office manager is also looking to see if we should file a local police report. Any other suggestions? Your thoughts are appreciated. Robert Driscoll Systems and Networks Manager PrimeSource Corporation Seattle, WA 98188 Phone: (206) 394-5574 Fax: (206) 394-5579 E-Mail: driscoll_r () primesource com
Current thread:
- Security Incident Robert Driscoll (Mar 21)
- Re: Security Incident Bennett Todd (Mar 21)
- Re: Security Incident Michael Erskine (Mar 23)
- <Possible follow-ups>
- Re: Security Incident Gregory Hicks (Mar 23)