nanog mailing list archives
Re: Rooted boxen and the law
From: Scott Gifford <sgifford () tir com>
Date: 05 Jun 2001 13:52:30 -0400
Jamie Norwood <jnorwood () adelphia net> writes:
I am just curious, in these days where every script kiddie with a few spare hours is out cracking into every box in sight, what do you all do when it happens? I know the isolate/reinstall stuff, I am specifically more interested in administrative stuff. Do you log it? Report it to the police? FBI? Who?
When we had a cracked box on our network, and a reasonable chance of catching the guy, we got absolutely zero help from the FBI. We were only able to get ahold of the agent handling our case once, and never got phone calls returned. That was from the Detroit office; you may have better luck depending on where you're at. Calling CERT might not be a bad idea; might make law enforcement more willing to listen, and somebody at CERT might be able to help apply pressure if needed.
Basically, I just had a box cracked, and have time to kill before I get access to it to reinstall (Damn cheap colo provider...) and am wondering if I should just reinstall and get on with life, or if I should be covering my ass, since I have things on their that will make me unhappy if they are taken and released to the public domaine (Reg codes for software and the like.)
I would back up the whole thing as it stands now, both to tell what happened and to provide evidence if it comes to that. Hell, hard drives are cheap enough; maybe you should just pull the HD from your cracked machine, and reinstall onto a fresh one. ----ScottG.
Current thread:
- Rooted boxen and the law Jamie Norwood (Jun 05)
- Re: Rooted boxen and the law Dalvenjah FoxFire (Jun 05)
- Re: Rooted boxen and the law Dalvenjah FoxFire (Jun 05)
- Re: Rooted boxen and the law Albert Meyer (Jun 05)
- Re: Rooted boxen and the law Scott Gifford (Jun 05)
- Re: Rooted boxen and the law Alexei Roudnev (Jun 05)
- Re: Rooted boxen and the law Dalvenjah FoxFire (Jun 05)