Hi mr police, some guy in your country, we think, attacked our server and brought it down. Well no, nothing was stolen. No, we spent less then $10,000 fixing it. Well no, no he didn't actually break into the system... no.. we can prove that he came from a box we think is in your country, but to be honest that box was probably broken into from another site... yeah, we'd like you to spend several thousand dollars tracking this down. *click*. hello? hello? Uh yeah, that about sums it up I think. It simply costs to much to build a case against someone that does htis, let alone succesfully prosecute it. The cost of finding the person, getting enough probable cause for a search warrant, executing said search warrant against the attackers home system, etc, to find enough evidence that they did it is unlikely. Plus there are plenty of potential defenses "I was simply used as a relay, they broke into my system too!" etc. Let's be realistic, if we gave away brick throwing devices that could launch a brick through a window up to 10,000 miles away, how often do you think the police would catch people breaking windows with bricks? Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 11:21:13 PST