Guys, you are missing something here. The original poster's concern was what to do with the 0-day exploits, rootkit and sources from security vendors discovered on the machine. They could simply report to all vendors involved, but as I understand their client does not want to be mentioned in relation to this. This is not a technical, but a legal/political situation.

Best regards,
Vitaly Osipov, CISSP, CCSE, CCNA

> -----Original Message-----
> From: Harlan Carvey [mailto:keydet89at_private]
> Sent: Thursday, March 27, 2003 1:02 AM
> To: pen-testat_private
> Subject: Re: Odd situation, advice needed on penentration test results
>
> Ido,
>
> > While catching this person is obviously of importance,
> > the more critical step to take is to secure the system
> > for forensic analysis.
>
> I would agree that the system needs to be secured, but
> what good does shutting down the system do if you
> lose all of the volatile data, such as running
> processes, network connections, etc? How do you trace
> the issue back to whomever is responsible if you don't
> even know what IP address they're coming from, b/c
> you've lost the volatile data?
>
> > I would recommend that your
> > client unplug the power from the system (hopefully the
> > intruder has not set up a logic bomb that triggers if the
> > network interface goes down).
>
> I'm not sure I completely understand your reasoning
> here. If you unplug the power from the system, and
> the NIC goes down (due to lack of power), wouldn't the
> system itself shut off? Wouldn't the hard drive stop
> spinning and the CPU no longer process instructions?
>
> If that's the case...how's a logic bomb going to
> execute?
>
> Thanks,
>
> Harlan
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 09:11:55 PST