Date: Fri, 2 Jun 2000 09:56:31 -0400
From: Chad Day <cday@beachassociates.com>
To: "'freebsd-newbies@freebsd.org'" <freebsd-newbies@freebsd.org>
Subject: System intrusion followup.
Message-ID: <A8D9B16D2196D2118B6E00A0C9E307F423857D@beachpdc1.beachassociates.com>
Well, just got off the phone with the FBI, and the local police department came by and took a report last evening. The FBI seemed pretty knowledgeable and really willing to go after the guy, even though our estimated loss was only $2-3k, and they say they usually require $10k.. but since the logs are pretty open and shut and it should be an easy matter to pursue, he said they are very likely to go ahead after the guy.

One thing I did learn: make sure you have a banner on your FTP login and telnet login saying something like: "UNAUTHORIZED ACCESS PROHIBITED". I didn't have that. :( Rookie mistake, lesson learned.

The officer from the local police wasn't too technologically there, but I was able to talk her through a lot of it and wrote down my version of what happened, and she seemed to get the gist of everything after a while.

AOL, of course, did jack and you know what. After being disconnected after long hold periods, they kindly told me that they won't take any actions regardless of evidence unless the police/FBI contacted them.

<on the phone with FBI agent>
Me: "I have his IP address, he's coming from AOL, but they wouldn't give me any more information."
FBI: "They'll give it to US."

Ahh, go FBI. :)

Anyway.. things I've learned that may be of value to other newbies..

Make sure you have ftp/telnet banners with usage policies
You can trust your users about as far as you can throw them
Keep very detailed ftp logs.. ftpd -l -l
and AOL sucks, but you knew that already.

Thanks to everyone who has emailed me with advice.

Chad Day
Beach Associates

When I speak German... I think German in my head... but like...Do skript kiddies see a w40l3 8uncha 1's and 0's and 3's and 4's and 7's in their h34d'5 w43n t43y R +a1k1n6 ? -- SirStanley

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
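As an added example following Chad's lessons list (this is not code from the post or from FreeBSD), a small POSIX shell check that reads inetd.conf-style text for the ftpd -l flags he recommends and tests whether an ftpd welcome banner carries an unauthorized-access notice. The inetd.conf lines, hostname and banner text are constructed samples; it assumes FreeBSD's ftpd(8), where -l once logs sessions, -l -l also logs file operations, and /etc/ftpwelcome is the pre-login banner file.

```shell
#!/bin/sh
# Added check script, not from the original post. The inetd.conf lines and
# banner text below are constructed samples, not taken from any real host.

SAMPLE_INETD='ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
ssh     stream  tcp     nowait  root    /usr/sbin/sshd  sshd -i'

HARDENED_INETD='ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l -l'

# ftpd_log_level TEXT: print how many -l flags the active (uncommented) ftp
# line passes to ftpd. 0 = no ftp line or no logging, 1 = sessions only,
# 2 = sessions plus get/put/delete/rename with their filenames.
ftpd_log_level() {
    printf '%s\n' "$1" | awk '
        $1 == "ftp" && $6 ~ /ftpd$/ {
            n = 0
            # fields 7.. are the server argv; count every l inside a flag word,
            # so a combined "-ll" also counts as 2
            for (i = 7; i <= NF; i++)
                if ($i ~ /^-/) n += gsub(/l/, "l", $i)
            print n; found = 1; exit
        }
        END { if (!found) print 0 }'
}

# banner_ok FILE: succeed if the banner file (e.g. /etc/ftpwelcome) warns that
# unauthorized access is prohibited, the wording the post says was missing.
banner_ok() {
    grep -qi 'unauthorized' "$1" 2>/dev/null
}

# Stand-alone demo against the constructed samples.
echo "sample ftpd log level:   $(ftpd_log_level "$SAMPLE_INETD")"    # 1
echo "hardened ftpd log level: $(ftpd_log_level "$HARDENED_INETD")"  # 2
banner=$(mktemp)
printf 'Welcome to ftp.example.org\n' > "$banner"
if banner_ok "$banner"; then echo "banner ok"; else echo "banner lacks notice"; fi
printf 'UNAUTHORIZED ACCESS PROHIBITED\n' >> "$banner"
if banner_ok "$banner"; then echo "banner ok"; else echo "banner lacks notice"; fi
rm -f "$banner"
```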