[379] in Intrusion Detection Systems
Re: I got an intruder ...
daemon@ATHENA.MIT.EDU (Julian Assange)
Thu Nov 9 12:17:15 1995
From: Julian Assange <proff@suburbia.net>
To: ids@uow.edu.au
Date: Thu, 9 Nov 1995 20:23:51 +1100 (EST)
In-Reply-To: <C184FE515A@freh-02.adpc.purdue.edu> from "MICHAEL S. HINES" at Nov
Reply-To: ids@uow.edu.au
> > I'm presently working on security policies for a customer,
> > they're asking me what to do with intruder ;)
>
> Prosecute, prosecute, prosecute - but of course you may have to get
> the laws changed to make intrusion an illegal act first of all. And
> if the intruder is from across the pond (either way) you've got an
> International incident to deal with. CERT (the Computer Emergency
> Response Team) can be of assistance (esp. if the intruder you
> detected happens to be part of a larger organized attack). The FBI is
> the agency in the USA which is the contact for InterPol, if you have
> an international incident..
>
> > I suggest to find the place where the intruder works, ask the
> > company *nicely* to fire the guy, then kill his dog and burn the house :)
>
> I'd also suggest they sever all his computer accounts, and Internet
> access. Of course, he/she can go down the street to any ISP (Internet
> Service Provider) and continue his/her games and tricks.
>
> Getting cooperation from the other guy's employer is a whole different matter.
> Maybe, he's being paid to examine your work. Then what?
>
> The best offense is a good defense - keep them out in the first
> place, and hide (encrypt) business mission critical information.
>
> Good luck!

What is this neurotic escalation? Has the intruder actually done
anything other than intrude? If not then close the door they used to get
in and be thankful that you had this kind of intruder who in effect
pointed out you were not doing your job properly, rather than one that
actually did damage. Learn and let live.

Prosecutions sound very sexy. You may want to make yourself into a Cliff
Stoll. But the reality is the world only ever needed one for a brief
innocent period in the latter half of the 1980's. If you want to waste
the company's time, money and personnel over the course of a 3-4 year
(that's typical) investigation and pre-trial then finally dispose of its
hard earned reputation in the broader community when all the publicity
associated with the main trial comes out, don't expect the MD to thank
you. Expect some unpleasant questions as to why you were not only
incompetent in the first place but then proceeded to compound the problem
100 fold by your totally self-motivated escalation.

My stomach turns every time I see exceptionally ordinary system
administrators suddenly wet their pants and quiver with excitement and
anticipation when they come to the conclusion they can really be
important secret agents, wooed by police, intelligence officers and the
media. It's an enormous waste of public and private funds. And all for the
ego and self-delusion of glorified computer managers who are devoid
of any real life.
--
+----------------------------------+-----------------------------------------+
|Julian Assange | "if you think the United States has |
|FAX: +61-3-9819-9066 | has stood still, who built the largest |
|EMAIL: proff@suburbia.net | shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+