North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Rooted boxen and the law
- From: Scott Gifford
- Date: Tue Jun 05 13:57:34 2001
Jamie Norwood <firstname.lastname@example.org> writes:
> I am just curious, in these days where every script kiddie with a
> few spare hours is out cracking into every box in sight, what do you
> all do when it happens? I know the isolate/reinstall stuff, I am
> specifically more interested in administrative stuff. Do you log it?
> Report it to the police? FBI? Who?
When we had a cracked box on our network, and a reasonable chance of
catching the guy, we got absolutely zero help from the FBI. We were
only able to get ahold of the agent handling our case once, and never
got phone calls returned. That was from the Detroit office; you may
have better luck depending on where you're at.
Calling CERT might not be a bad idea; might make law enforcement more
willing to listen, and somebody at CERT might be able to help apply
pressure if needed.
> Basically, I just had a box cracked, and have time to kill before I
> get access to it to reinstall (Damn cheap colo provider...) and am
> wondering if I should just reinstall and get on with life, or if I
> should be covering my ass, since I have things on their that will
> make me unhappy if they are taken and released to the public domaine
> (Reg codes for software and the like.)
I would back up the whole thing as it stands now, both to tell what
happened and to provide evidence if it comes to that. Hell, hard
drives are cheap enough; maybe you should just pull the HD from your
cracked machine, and reinstall onto a fresh one.