Try a tool like Recourse's MANHUNT unit. Then run it in "capture" mode.

Todd

----- Original Message -----
From: "Cowboy Man" <cowboymat_private>
To: "Steve Nichols" <stevenat_private>
Cc: "Log Analysis Mailing List" <loganalysisat_private>
Sent: Monday, December 17, 2001 12:49 PM
Subject: Re: [logs] Thoughts needed

> Hi Steve,
>
> To answer you in short:
>
> First, don't answer him in regards to his threat - this will just signify
> to him that he's gotten under your skin, and he'll run with it. Just
> take good notes.
>
> 1. To do anything legally, you're going to have to prove where the attack
>    came from. If you have a decent working relationship with your local,
>    state, or federal law enforcement agency and they actually have a
>    clue (I'm lucky - the Anchorage Police Dept has a high-tech crimes
>    unit with some of the brightest computer-cops in the country) give
>    them a call and let them know what's up. Documenting the threat is a
>    decent start. If these conditions don't exist, then don't count on
>    much from LE - but it still won't hurt to try. You'll have to
>    explain stuff to them in plain English, and it'll take a while.
>
>    Make sure you have good contacts for your upstream providers, so that
>    if you get whacked, you can call them offline and have them block the
>    offending traffic, or even hunt it down.
>
>    Be sure you can document and articulate actual damages.
>
>    Give your corp. lawyers a heads-up on what might happen, and then keep
>    them and mgmt. in the loop once it goes down.
>
>
> 2. Yes, you can go kick his ass, but it won't fix anything, and you'll
>    likely end up in jail, and a civil suit thereafter. Even though
>    you'd feel better about things immediately, it's probably not a good
>    long-term solution. (I've been there too, and it sucks not being able
>    to perform some involuntary dental work on pinheads like this. In my
>    case though, the jackass had an expired visa, and was wanted by
>    Australian authorities on some crime, so my buddy the cop called his
>    buddy the INS agent, who deported the badguy. The Australians also
>    got an anonymous tip that the badguy was coming back, so they could
>    throw him a welcome-back party at the airport.)
>
>    Helps to know the cops. Oh, and depending on what your company does,
>    the feds may actually care if you get attacked since everyone is so
>    ultra-sensitive now to attacks on our infrastructure.
>
> Just my 0.02 worth. Advice is free, so it's probably worth about that
> much as well, but I do hope this helps.
>
> Mike Messick
> Information Security Architect
> Phillips Alaska, Inc.
>
>
>
> On Mon, 17 Dec 2001, Steve Nichols wrote:
>
> > We have this yahoo that said if we don't release one of our dns records to
> > him he is going to DDos us.
> > Then he gave me his business card.
> >
> > 1. If he does, legally what can we do?
> > 2. Can I go and kick his ass?
> >
> > He has a /15 ( 255.254.0.0 ) ( 2 B's )
> > He is leasing the IP's from verio.
> > I am going to block the /15
> >
> >
> > Thoughts?
> >
> > Steve Nichols
> > Internet Manager
> >
> >
> > VALLEY INTERNET COMPANY
> > 1709 NE 27th Street, Suite C
> > McMinnville, Oregon 97128
> > 503-565-5030 or 800-909-9078 (toll-free)
> > "Pay no attention to the folks behind the curtain..."
> > PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> > For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 11:01:09 PST