Bojan Zdravkovic(bzdravkoat_private)@Tue, Sep 25, 2001 at 03:28:46PM -0400:
>
> Hi Paul,
>
> Calling the ISP will help. They won't "get" the guy, only slap his wrist. The
> biggest, ultimate effect of calling the ISP would be sending him a warning
> email.

Depending on circumstance - probably. They always need at least one warning, after which the gloves may be removed (along with the offending account).

Remember, any ISP worth its salt will chase up security and abuse issues (it may not be quick enough for the original complaint, but it ought to happen). The reason for this is simple PR; any network which gains a reputation amongst its peers as being a script-kiddie and spammer haven will quickly find its IP ranges blacklisted and its routes relegated to the "when we can be bothered" category.

> ISPs will never forward you any personal info, except if you're a government
> investigator. And if an investigator gets involved the damage has to be
> substantial (millions).

True. The same privacy laws which protect you from your ISP giving contact info to anyone who asks will also protect those of a less savoury stature.

OTOH, if you're looking for IP ownership information, depending on the size of the network you may find that an ISP runs their own whois server. In such a case you may be able to track down the appropriate contact details for the IP in question and bypass the ISP (if your would-be cracker is trying to launch the attack from a static IP/host somewhere).

> Don't talk about evidence, and don't blow things out of proportion, this
> is just a simple mischief, happens to everyone.

Along with all the other weird shit floating around. Depending on the threat level of the attack, sometimes it's generally a waste of time and effort trying to hunt them down.

Usually if I see something odd or disturbing I'll go a-hunting, but OTOH these days I'm treating all those SunRPC and Bind scans much the same as Code Red and the like (mostly ignored, occasionally chased if I'm in the mood).

> And patch that ftpd.

Indeed. WuFTPd is *not* your friend. From what I've heard NcFTPd *is*, though (and I believe the license allows for a couple of free installations for non-profit organisations/networks).

Regards,

Ben

This archive was generated by hypermail 2b30 : Sat Sep 29 2001 - 02:08:08 PDT