Penetration Testing mailing list archives
Re: [PEN-TEST] eMail auditing problem
From: DA Smith <deb () SANDSTORM NET>
Date: Thu, 14 Sep 2000 08:41:37 -0400
Exactly. Documentation is *everything* in this kind of scenario. At my last job, where I occasionally worked with the Security unit of an ISP, we had to document *everything* - Log files, Email complaints and Spam, Trace Routes, etc. Our Manager would take this documentation to court with him in support of (or against) our customers when the time came.

Once you've documented everything, I suggest contacting your upstream ISP. Document what they say and do too :) . If they are useless after several attempts, go around them and contact their Upstream ISP. If you end up doing that though, the Upstream will have to bring in your ISP who is their legal customer. However, you've made the contact and can document this as well and may even get a ticket number from them to give to your ISP.

The really good ISP will work with you as much as they legally can. They may help contact the ISP of the Hacking source if outside their domain to deal with this.

-Deb

----- Original Message -----
From: Mathew Bevan <listhandler () NTLWORLD COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, September 13, 2000 4:31 PM
Subject: Re: [PEN-TEST] eMail auditing problem
Note, if you reinstall ANYTHING be sure that you have forensically frozen the scene. Make backups of everything; generally, if you just go ahead and reinstall, your prosecution would fail.

- the mail server is hacked => reinstall it, try to prosecute the hacker
- the boss box is compromised (BO2K), and all his keystrokes are logged
- surely some others ...

Unlikely but there are some nifty devices which clip between the keyboard and computer. Great fun in physical tests I assure you.. 8-)

Mathew Bevan