Re: Security Incident

[Michael Erskine <osiris () urbanna net>]

You have all you need to have him prosecuted.  Do us all a big favor,
prosecute.

On Fri, 17 Mar 2000, Robert Driscoll wrote:

> Howdy Wizards,
>
>       I wanted to collect an opinion from the members of this group.
>
>       Recently one of the offices in my company had a security break in on
> their internet router. The culprit signed onto the router for the office and
> reconfigured it.
>
>       From the logs we know where the ip address of the person that telnet'd
> into the router (unless of course it was spoofed). Through NSLOOKUP we were
> able to find out the owner of the source address, and as it happens that
> company
> recently hired an ex-employee of ours. I also found out that that
> ex-employee
> had the password for the router.
>
>       The office manager is looking to see what means of prosecution we have
> available. My suggestion was the following:
>
> 1) Log an incident report with CERT.
> 2) Notify the network manager of the source address that we suspect thier
> equipment
>    was used for malicious purposes.
> 3) The office manager is also looking to see if we should file a local
> police report.
>
>       Any other suggestions?  Your thoughts are appreciated.
>
>
>
> Robert Driscoll
> Systems and Networks Manager
> PrimeSource Corporation
> Seattle, WA  98188
> Phone:        (206) 394-5574
> Fax:          (206) 394-5579
> E-Mail:       driscoll_r () primesource com