[380] in Intrusion Detection Systems
Re: I got an intruder
daemon@ATHENA.MIT.EDU (Daniel Guy)
Wed Nov 15 14:56:17 1995
Date: Thu, 9 Nov 1995 22:07:41 +0200 (EET)
From: Daniel Guy <guyd@actcom.co.il>
To: ids@uow.edu.au
In-Reply-To: <C184FE515A@freh-02.adpc.purdue.edu>
Reply-To: ids@uow.edu.au
[SNIP]
> Prosecute, prosecute, prosecute - but of course you may have to get
> the laws changed to make intrusion an illegal act first of all. And
> if the intruder is from across the pond (either way) you've got an
> International incident to deal with. CERT (the Computer Emergency
> Response Team) can be of assistance (esp. if the intruder you
> detected happens to be part of a larger organized attack). The FBI is
> the agency in the USA which is the contact for InterPol, if you have
> an international incident.
> > I suggest to find the place where the intruder works, ask the
> > company *nicely* to fire the guy, then kill his dog and burn the house :)
> I'd also suggest they sever all his computer accounts, and Internet
> access. Of course, he/she can go down the street to any ISP (Internet
> Service Provider) and continue his/her games and tricks.
I think we're getting a little rash here, a lot of cracker activity comes
from bogus or hijacked accounts, prosecuting away without running a full
investigation first would be foolish and could get a decent user behind
bars, in addition, before you run to prosecute a teenager, think if he'd
really done some damage.. <I know saying this might make me a
flame-bait but it's been too long since my last flame ;) > is it worth it
to put a 17-year-old kid away for 5yrs if all he did was being curious
without causing any damage?
Again, determining who the attacker *really* is is hell on a university
or an ISP site where the users allow themselves poor passwords, sharing
accounts etc., use caution before naming the culprit
> Getting cooperation from the other guy's employer is a whole different matter.
> Maybe, he's being paid to examine your work. Then what?
> The best offense is a good defense - keep them out in the first
> place, and hide (encrypt) business mission critical information.
No, if you have really important things keep them off the internet,
encryption can be broken, it is sufficient if a cracker hears of a bug
before you do to get all your machines compromised
__
St. Viper the one who doesn't sleep O:-)
**guyd@actcom.co.il**