[385] in Intrusion Detection Systems
Re: I got an intruder ...
daemon@ATHENA.MIT.EDU (Mark_W_Loveless@smtp.bnr.com)
Wed Nov 15 20:32:56 1995
From: Mark_W_Loveless@smtp.bnr.com
Date: Thu, 09 Nov 95 13:55:33 CST
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
I've read a number of the replies - had to comment.
1 - Unless the intruder is a complete idiot, you will not be able to
track them down, or if you can you will not be able to "prove" the
person you found did it. Hard to prosecute unless you have hard
evidence (live trace, proprietary docs on intruder's hard drive at
home, blah, blah)
2 - You didn't state whether the intruder was internal or external.
Most security violations are internal, everyone here jumped on the
"kill the Internet hacker" bandwagon ;-) as is so popular these days.
3 - If external and no major harm done, close the doors. If someone
wants in to a system bad enough, they will get in -- Internet,
dial-in, burglary....
______________________________ Reply Separator _________________________________
Subject: I got an intruder ...
Author: ids@uow.edu.au at internet
Date: 11/9/95 4:22 AM
I'm presently working on security policies for a customer,
they're asking me what to do with intruder ;)
I suggest to find the place where the intruder work, ask the
company *nicely* to fire the guy, then kill his dog and burn the house :)
Do you have suggestion ??
---
Benoit Dicaire - Unix - NRJ Informatique
bdicaire@nrj.com - Consultant - (514) 593-9747
