nanog mailing list archives
Tracking cracker, help?
From: dlr () bungi com (Dave Rand)
Date: Mon, 28 Jul 1997 22:42:49 PDT
I'm tracking down an individual that has attacked both my personal site, as well as one of my customers' sites. In this particular attempt, when his 'normal' site was blocked by IP address, he immediately started to use dial-up sites all over his local area, then ranged further into the US. On my system, he had installed a password sniffer. I suspect that this was a common mode of operation for him. Naturally, I logged all of the attempts at the router level. I emailed the logs to the origin ISPs, and (with one notable exception) was met with huge indifference. In the queries, I am asking only for a confirm/deny of the user's name - I am not asking the ISP's involved to release the name of the dialup users. That, of course, will come later. Right now, I'm just trying to confirm that the same individual is launching the attacks. A police report has been filed, and a restraining order will be served tommorow. What's a better way to ask for, and obtain log information in a timely fashion? Wait 6 months for a court trial, when everyone has purged their logs? Clues would be appreciated. -- Dave Rand dlr () bungi com http://www.bungi.com
Current thread:
- Tracking cracker, help? Dave Rand (Jul 28)
- Re: Tracking cracker, help? Andrew Smith (Jul 28)
- Re: Tracking cracker, help? Joe Shaw (Jul 29)
- Re: Tracking cracker, help? Barry Shein (Jul 29)
- Re: Tracking cracker, help? Steve Mansfield (Jul 29)