Jamie Norwood <jnorwood@adelphia.net> writes:
> I am just curious, in these days where every script kiddie with a few spare hours is out cracking into every box in sight, what do you all do when it happens? I know the isolate/reinstall stuff, I am specifically more interested in administrative stuff. Do you log it? Report it to the police? FBI? Who?
When we had a cracked box on our network, and a reasonable chance of catching the guy, we got absolutely zero help from the FBI. We were only able to get ahold of the agent handling our case once, and never got phone calls returned. That was from the Detroit office; you may have better luck depending on where you're at. Calling CERT might not be a bad idea; might make law enforcement more willing to listen, and somebody at CERT might be able to help apply pressure if needed.
> Basically, I just had a box cracked, and have time to kill before I get access to it to reinstall (Damn cheap colo provider...) and am wondering if I should just reinstall and get on with life, or if I should be covering my ass, since I have things on there that will make me unhappy if they are taken and released to the public domain (Reg codes for software and the like.)
I would back up the whole thing as it stands now, both to tell what happened and to provide evidence if it comes to that. Hell, hard drives are cheap enough; maybe you should just pull the HD from your cracked machine, and reinstall onto a fresh one.

----ScottG.