[109247] in North American Network Operators' Group
Re: [funsec] McColo: Major Source of Online
daemon@ATHENA.MIT.EDU (Charles Wyble)
Wed Nov 12 17:29:18 2008
Date: Wed, 12 Nov 2008 14:29:08 -0800
From: Charles Wyble <charles@thewybles.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <DF569A62D4A461488173EBE91C043224037C27C1@POSTOFFICE.nw3c.int>
Errors-To: nanog-bounces@nanog.org
> On to the question about how network operators can help LE: *Collect the data that proves a company such as Intercage/McColo is harboring cybercriminals* and get with your local FBI/Secret Service field office (or your state's Attorney General's office) (or both) and submit a complaint at IC3's website (www.ic3.gov) because we have an excellent team of analysts that track information like that. Package up the evidence you have and send it out.
>
Excellent point. Something like the fine folks at
http://hostexploit.com/ are doing.
I also believe SANS has some excellent courses on forensics, and things
like chain of custody, etc. Not sure how much that applies to these sorts
of scenarios, but it can't hurt to package/handle the evidence in as
compliant a manner as possible.