On Sat, 13 Oct 2001, Michael F. Bell wrote:

> Lets change the victim from a Goverment agency to a private one. Lets
> say that EBAY got hacked and they launched the same sort of
> investigation with the same findings.. What can be done from a legal
> /financial standpoint if an attack is detected from your company network
> and there is no proof on exactly who did it? Can the victims take legal
> action against you, or is there some sort of protocol from a legal
> standpoint that hinders this?

We know (or should know) that IP addresses can and will be faked in case
of a real attempt and are not enough to

So once a trace is so clearly pointing to you they must have some hard
evidence from your uplink. At this point the evidence is allready there
and it would be a matter of sorting out the small number of employees.

The likelyhood someone is not having any telltale sing is quite remote. At
this point 1 cleaner disk then the other N ones would be enough lead to
turn on the thumbscrews on this person.

Anyone have trouble hiding his/hers IP number isn't more then a slight
inconvinience. (Untill proper handling of spoofed IP's is done more
seriously.)

All in all I fail to see why this would be a likely scenario. I can think
of some others and less friendly ones that are much more likely.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooijvanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]