[52117] in North American Network Operators' Group

Re: Inter-ISP/Telco/X.25 security procedures?

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Mon Sep 16 11:56:28 2002

Date: Mon, 16 Sep 2002 15:55:30 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Mark Kent <mark@noc.mainstreet.net>
Cc: <sean@donelan.com>, <nanog@merit.edu>
In-Reply-To: <200209161541.g8GFfbWI037093@noc.mainstreet.net>
Errors-To: owner-nanog-outgoing@merit.edu



On Mon, 16 Sep 2002, Mark Kent wrote:

>
> >> Please see Clifford Stoll's book The Cuckoo's Egg for a description
> >> of tracking an intruder across various PSTN, PSDN and Internet providers.
> >> I haven't seen a better description of the process.
>
> And there were, what?, three US ISPs back then?
>
> And when Stanford was getting hacked, where was BBN...
> Answer: right on the Stanford campus, in Stanford buildings!
>
> We don't have the same Internet architecture as we had
> during The Cuckoo's Egg era.

Funny thing is there seem to be about the same number of internet security
folks working at the ISPs now as at the time of the book's writing :)

Most times our procedures fail back to:
1) do a whois on the domain name of the ISP in question
2) call the noc number listed
3) try to work your way around to a security-type person
4) end up emailing logs of the incident to noc@
5) wait and hope they respond quickly with something helpful :)

Depending on the carrier things can be good, or very bad.

